Research: PHP Object Injection in Adianti Framework

As part of my research into Gadget Chains and PHP Object Injection, I discovered an exploitable vulnerability in the Adianti Framework.

The maintainers were responsive to the report and have released a fix in version 8.1

https://adiantiframework.com.br/changelog#810

Details of the report:

https://gist.github.com/mcdruid/8412cfb55f443a1344ff41af0ce1b215

This vulnerability was assigned CVE-2025-3590.