CVE-2025-12762

Name of the Vulnerable Software and Affected Versions pgAdmin versions up to 9.9

Description pgAdmin is susceptible to a Remote Code Execution (RCE) issue that arises when operating in server mode and restoring from PLAIN-format dump files. This flaw allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, potentially leading to a complete compromise of the server environment. Reports indicate approximately 7,393 to 14,466 potentially vulnerable instances are currently detectable. The vulnerability stems from improper handling of code injection during server-mode restores from PLAIN-format dump files, where pgAdmin fails to adequately sanitize inputs. The vulnerability is exploitable without user interaction and has a low complexity.

Recommendations Upgrade to pgAdmin4 version 9.10 or later.