Is vrana/adminer affected by CVE-2026-25892?

Packagist vrana/adminer is affected in >=4.6.2 <5.4.2.

Is CVE-2026-25892 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 1.6%.

high

CVE-2026-25892

Q: Is CVE-2026-25892 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 1.6%.

Packagist · vrana/adminer

Summary

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Severity: high
EPSS: 1.6% (p72)
Also known as: GHSA-q4f2-39gr-45jh
Published: 2026-02-10

References

https://github.com/vrana/adminer/security/advisories/GHSA-q4f2-39gr-45jh
https://nvd.nist.gov/vuln/detail/CVE-2026-25892
https://github.com/vrana/adminer/commit/21d3a3150388677b18647d68aec93b7850e457d3

Related advisories

CVE-2025-43960 — high · Packagist/vrana/adminer
GHSA-97h7-mf38-g9mf — high · Packagist/vrana/adminer
CVE-2021-21311 — high · Packagist/vrana/adminer

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.