EXECUTIVE SUMMARY:
CVE-2026-25878 is a moderate-severity vulnerability in the FroshAdminer Adminer UI component of the frosh/adminer-platform package that allows unauthenticated access to the Adminer interface without requiring Shopware admin credentials. It affects all released versions earlier than 2.2.1, where the Adminer route was configured without authentication, exposing sensitive UI functionality. The flaw stems from missing session validation on the /admin/adminer endpoint, which lets an attacker reach the Adminer UI without proper authorization. The issue carries a CVSS base score of 6.9, reflecting network-accessible exploitation with low complexity and no required privileges or user interaction. Exploiting this vulnerability could potentially expose internal UI components or assist in further attacks against the underlying system.
RECOMMENDATION:
We strongly recommend you update frosh/adminer-platform to version 2.2.1.
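To confirm whether a deployment is on an affected release, the following added example (not part of the original advisory or the project's code) reads a Composer lock file and compares the installed frosh/adminer-platform version with 2.2.1. It assumes the plugin was installed through Composer; the function names and sample lock contents are constructed for illustration.

```python
import json
import re

PACKAGE = "frosh/adminer-platform"   # package named in the advisory
FIXED = (2, 2, 1)                    # first fixed release per the advisory


def parse_version(raw):
    """Return (major, minor, patch) for a stable tag like 'v2.2.0', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Classify a composer.lock: 'absent', 'vulnerable', 'fixed' or 'unknown'."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            version = parse_version(pkg.get("version", ""))
            if version is None:
                # Branch aliases such as 'dev-main' cannot be ordered; review by hand.
                return "unknown", pkg.get("version")
            return ("vulnerable" if version < FIXED else "fixed"), pkg.get("version")
    return "absent", None


# Constructed sample lock files (not taken from any real installation).
SAMPLE_OLD = json.dumps({"packages": [{"name": "shopware/core", "version": "v6.6.0.0"},
                                      {"name": "frosh/adminer-platform", "version": "2.2.0"}]})
SAMPLE_NEW = json.dumps({"packages": [{"name": "frosh/adminer-platform", "version": "v2.2.1"}]})
SAMPLE_DEV = json.dumps({"packages": [{"name": "frosh/adminer-platform", "version": "dev-main"}]})

if __name__ == "__main__":
    import sys
    # Usage: python check.py path/to/composer.lock (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OLD
    status, version = check_lock(text)
    print(f"{PACKAGE}: {status} (installed: {version})")
    sys.exit(1 if status in ("vulnerable", "unknown") else 0)
```

The script exits non-zero for both "vulnerable" and "unknown", so it can gate a deployment pipeline until the package is at 2.2.1 or a non-tagged version has been reviewed.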
REFERENCES:
The following reports contain further technical details: