PT-2025-46819 · Pgadmin · Pgadmin
Published 2025-11-04 · Updated 2025-11-20 · CVE-2025-12762
CVSS v3.1: 9.8 (Critical)
| Base vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
pgAdmin versions up to 9.9
Description
pgAdmin versions up to 9.9 are susceptible to a Remote Code Execution (RCE) issue that arises when pgAdmin runs in server mode and restores a database from a PLAIN-format dump file. The flaw permits attackers to inject and execute arbitrary commands on the server hosting pgAdmin, potentially compromising the database management system and its data. The vulnerability stems from improper neutralization of injected code during the restore process. The attack surface is the restore module that processes PLAIN-format dumps in server mode; exploitation requires low privileges and no user interaction.
Recommendations
Versions prior to 9.10 are vulnerable.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Code Injection
Related Identifiers
BDU:2025-14360
CVE-2025-12762
GHSA-W2P4-P4RH-QCM3
Affected Products
Pgadmin
References · 25
- https://github.com/pgadmin-org/pgadmin4/issues/9320 · Vendor Advisory
- https://osv.dev/vulnerability/GHSA-w2p4-p4rh-qcm3 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-14360 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-12762 · Security Note
- https://github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836 · Note
- https://github.com/pgadmin-org/pgadmin4 · Note
- https://t.me/cveNotify/142639 · Telegram Post
- https://twitter.com/The_Cyber_News/status/1990248971760185507 · Twitter Post
- https://twitter.com/0dayPublishing/status/1988961247916601633 · Twitter Post
- https://t.me/CVEtracker/37238 · Telegram Post
- https://twitter.com/Karma_X_Inc/status/1990433148941844659 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1oyizts/top_10_trending_cves_16112025 · Reddit Post
- https://twitter.com/IntCyberDigest/status/1989322370843095281 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1p14p4v/top_10_trending_cves_19112025 · Reddit Post
- https://reddit.com/r/CVEWatch/comments/1p092hc/top_10_trending_cves_18112025 · Reddit Post