PT-2025-46819 · Pgadmin · Pgadmin
Published
2025-11-04
·
Updated
2026-01-10
·
CVE-2025-12762
CVSS v3.1
9.8 · Critical
| Base vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
pgAdmin versions up to 9.9
Description
pgAdmin versions up to 9.9 are susceptible to a Remote Code Execution (RCE) issue that arises when pgAdmin operates in server mode and restores from PLAIN-format dump files. The flaw permits attackers to inject and execute arbitrary commands on the server hosting pgAdmin, potentially compromising the database management system and its underlying data. Observed counts of potentially vulnerable instances range from approximately 14,466 to 7,393. The vulnerability stems from improper handling of code injection during server-mode restores from PLAIN-format dump files, where pgAdmin fails to adequately sanitize inputs. Successful exploitation could lead to a full system compromise.
Recommendations
Upgrade to pgAdmin4 version 9.10 or later.
Disable server mode to mitigate the risk.
Fix
RCE
Code Injection
Related Identifiers
BDU:2025-14360
CVE-2025-12762
GHSA-W2P4-P4RH-QCM3
OPENSUSE-SU-2025:15818-1
Affected Products
Pgadmin
References · 41
- https://github.com/pgadmin-org/pgadmin4/issues/9320 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-14360 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-12762 · Security Note
- https://osv.dev/vulnerability/GHSA-w2p4-p4rh-qcm3 · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:15818-1 · Vendor Advisory
- https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836 · Note
- https://github.com/pgadmin-org/pgadmin4 · Note
- https://twitter.com/N3mes1s/status/1989433649641787876 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1ozdgd3/top_10_trending_cves_17112025 · Reddit Post
- https://reddit.com/r/CVEWatch/comments/1oyizts/top_10_trending_cves_16112025 · Reddit Post
- https://t.me/cveNotify/143374 · Telegram Post
- https://reddit.com/r/CVEWatch/comments/1oxozj7/top_10_trending_cves_15112025 · Reddit Post
- https://twitter.com/ksg93rd/status/1991341130957365565 · Twitter Post
- https://suse.com/security/cve/CVE-2025-12764 · Note
- https://twitter.com/zer0pwn/status/1999218470396035301 · Twitter Post