CVE-2026-25892
📋 TL;DR
Adminer v5.4.1 and earlier has a version check endpoint that lacks origin validation, allowing attackers to send malformed POST data. This causes a PHP TypeError in openssl_verify() that returns HTTP 500 errors to all users, creating a denial-of-service condition. Anyone running vulnerable Adminer versions with internet access is affected.
💻 Affected Systems
- Adminer
📦 What is this software?
Adminer by Adminer
⚠️ Risk & Real-World Impact
Worst Case
Complete denial-of-service where all users receive HTTP 500 errors and cannot access the Adminer interface, potentially disrupting database management operations.
Likely Case
Temporary service disruption where Adminer becomes unavailable until the server recovers or is restarted.
If Mitigated
No impact if the version check endpoint is properly secured or disabled.
🎯 Exploit Status
Simple HTTP POST request with malformed parameter triggers the vulnerability. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v5.4.2
Vendor Advisory: https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh
Restart Required: No
Instructions:
1. Download Adminer v5.4.2 from the official repository.
2. Replace the existing Adminer files with the new version.
3. Verify that the ?script=version endpoint now validates request origins.
🔧 Temporary Workarounds
Disable version check endpoint
Block or disable access to the vulnerable ?script=version endpoint.
# Add to web server config (Apache 2.4 example). <LocationMatch> only matches the
# request path, never the query string, so the query string must be tested with <If>:
<If "%{QUERY_STRING} =~ /(^|&)script=version(&|$)/">
    Require all denied
</If>
# Nginx example. location patterns likewise exclude the query string, so test the
# $arg_script variable instead (place inside the server { } block):
if ($arg_script = "version") {
    return 403;
}
🧯 If You Can't Patch
- Implement WAF rules to block malformed POST requests to ?script=version endpoint
- Restrict network access to Adminer instance using firewall rules or authentication
🔍 How to Verify
Check if Vulnerable:
Check if Adminer version is 5.4.1 or earlier by viewing the Adminer interface footer or checking the adminer.php file version.
Check Version:
grep -i 'version' adminer.php | head -5
Verify Fix Applied:
After patching, verify that the displayed version is 5.4.2 or later and that POST requests to ?script=version from unauthorized origins are rejected.
📡 Detection & Monitoring
Log Indicators:
- HTTP 500 errors from Adminer instance
- PHP TypeError messages mentioning openssl_verify()
- Unusual POST requests to ?script=version endpoint
Network Indicators:
- POST requests to /adminer.php?script=version with version[] parameter
- Traffic from unexpected sources to Adminer instance
SIEM Query:
(source="web_server_logs" AND url="*?script=version*" AND status=500) OR (program="php" AND message="*TypeError*openssl_verify*")
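The log and network indicators above can be checked together outside a SIEM. The script below is an added example, not part of this advisory or of the Adminer project: it parses combined-format access-log lines and PHP error-log lines, counts POST requests and HTTP 500 responses on the ?script=version endpoint, counts TypeError entries mentioning openssl_verify(), and flags sources that repeatedly produced 500s. All log lines are constructed samples, the install path /var/www/adminer.php is assumed, and the IP addresses are documentation ranges.

```python
"""Scan constructed web-server access-log and PHP error-log samples for the
indicators this advisory lists for CVE-2026-25892:
  - POST requests to the Adminer ?script=version endpoint
  - HTTP 500 responses on that endpoint
  - PHP TypeError messages that mention openssl_verify()
All log lines below are constructed samples; /var/www/adminer.php is an
assumed install path and the IP addresses are documentation ranges."""

import re
from collections import Counter

# Common/combined access-log format as written by Apache and Nginx.
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "GET /adminer.php HTTP/1.1" 200 51230
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "POST /adminer.php?script=version HTTP/1.1" 500 312
198.51.100.9 - - [10/Mar/2026:12:00:05 +0000] "GET /adminer.php?script=version HTTP/1.1" 200 87
192.0.2.44 - - [10/Mar/2026:12:00:07 +0000] "GET /adminer.php?username=app HTTP/1.1" 500 311
203.0.113.7 - - [10/Mar/2026:12:00:09 +0000] "POST /adminer.php?script=version HTTP/1.1" 500 312
"""

SAMPLE_PHP_ERROR_LOG = """\
[10-Mar-2026 12:00:02 UTC] PHP Fatal error:  Uncaught TypeError: openssl_verify(): Argument #1 ($data) must be of type string, array given in /var/www/adminer.php:3
[10-Mar-2026 12:00:09 UTC] PHP Fatal error:  Uncaught TypeError: openssl_verify(): Argument #1 ($data) must be of type string, array given in /var/www/adminer.php:3
[10-Mar-2026 12:00:11 UTC] PHP Warning:  Undefined variable $x in /var/www/other.php:10
"""


def is_version_endpoint(path):
    """True when the request URI carries script=version as a query parameter.
    The query string is split on '&' so that e.g. ?script=versions, or a value
    that merely contains the text, is not matched."""
    if "?" not in path:
        return False
    query = path.split("?", 1)[1]
    return any(param == "script=version" for param in query.split("&"))


def version_endpoint_posts(access_lines):
    """Return (ip, status) for every POST to the ?script=version endpoint."""
    hits = []
    for line in access_lines:
        m = ACCESS_LOG_RE.match(line)
        if m and m.group("method") == "POST" and is_version_endpoint(m.group("path")):
            hits.append((m.group("ip"), int(m.group("status"))))
    return hits


def openssl_verify_type_errors(error_lines):
    """Return PHP log lines reporting a TypeError raised inside openssl_verify()."""
    return [line for line in error_lines
            if "TypeError" in line and "openssl_verify(" in line]


def suspicious_sources(posts, threshold=2):
    """Sources that produced at least `threshold` HTTP 500s on the endpoint.
    A single 500 could be a misconfiguration; repeated ones from one client fit
    the denial-of-service pattern the advisory describes."""
    per_ip = Counter(ip for ip, status in posts if status == 500)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


def summarize(access_text, error_text, threshold=2):
    """Tie the indicators together for one log window."""
    posts = version_endpoint_posts(access_text.splitlines())
    return {
        "version_endpoint_posts": len(posts),
        "version_endpoint_500s": sum(1 for _, st in posts if st == 500),
        "openssl_verify_type_errors": len(openssl_verify_type_errors(error_text.splitlines())),
        "suspicious_sources": suspicious_sources(posts, threshold),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ACCESS_LOG, SAMPLE_PHP_ERROR_LOG).items():
        print(f"{key}: {value}")
```

The endpoint check splits the query string on "&" and compares whole parameters, so a loose substring match such as the SIEM wildcard `*?script=version*` cannot be fooled by unrelated parameter values; the threshold on repeated 500s per source keeps a single misconfigured request from paging anyone.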