PT-2025-36007 · Pgadmin+1 · Pgadmin+1

Khushboovashi · Published 2025-08-28 · Updated 2026-05-23 · CVE-2025-9636

CVSS v3.1: 7.9 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 9.7

Description: pgAdmin is susceptible to a Cross-Origin Opener Policy (COOP) issue. This allows manipulation of the OAuth flow, potentially resulting in unauthorized account access, account takeover, data breaches, and privilege escalation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

DoS

Origin Validation Error

Weakness Enumeration

Related Identifiers

BDU:2025-11501
CVE-2025-9636
GHSA-6859-2QXQ-FFV2
OPENSUSE-SU-2025:15612-1
SUSE-SU-2025:03625-1
SUSE-SU-2026:0232-1

Affected Products

Pgadmin
Red Os