PT-2025-46819 · Pgadmin+1 · Pgadmin+1
Published
2025-11-04
·
Updated
2026-02-20
·
CVE-2025-12762
CVSS v3.1
9.8
9.8
Critical
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
pgAdmin versions up to 9.9
Description
pgAdmin is susceptible to a Remote Code Execution (RCE) issue that arises when operating in server mode and restoring from PLAIN-format dump files. This flaw allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, potentially leading to a complete compromise of the server environment. Reports indicate approximately 7,393 to 14,466 potentially vulnerable instances are currently detectable. The vulnerability stems from improper handling of code injection during server-mode restores from PLAIN-format dump files, where pgAdmin fails to adequately sanitize inputs. The vulnerability is exploitable without user interaction and has a low complexity.
Recommendations
Upgrade to pgAdmin4 version 9.10 or later.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
BDU:2025-14360
CVE-2025-12762
GHSA-W2P4-P4RH-QCM3
OPENSUSE-SU-2025:15818-1
Affected Products
Pgadmin
Red Os
References · 45
- https://github.com/pgadmin-org/pgadmin4/issues/9320⭐ 3437 🔗 820 · Vendor Advisory
- https://osv.dev/vulnerability/GHSA-w2p4-p4rh-qcm3 · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:15818-1 · Vendor Advisory
- https://wiki.astralinux.ru/astra-linux-se18-bulletin-2026-0224SE18 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-14360 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-12762 · Security Note
- https://osv.dev/vulnerability/CVE-2025-12762 · Vendor Advisory
- https://github.com/pgadmin-org/pgadmin4⭐ 3438 🔗 820 · Note
- https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836⭐ 3287 🔗 796 · Note
- https://suse.com/security/cve/CVE-2025-12763 · Note
- https://twitter.com/Komodosec/status/2003242953041674438 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1oyizts/top_10_trending_cves_16112025 · Reddit Post
- https://twitter.com/Karma_X_Inc/status/1990433148941844659 · Twitter Post
- https://suse.com/security/cve/CVE-2025-13780 · Note
- https://reddit.com/r/CVEWatch/comments/1pgftjk/top_10_trending_cves_07122025 · Reddit Post