CVE-2025-12763

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions up to 9.9

Description pgAdmin 4 versions up to 9.9 on Windows systems are susceptible to a command injection issue. The root cause is the use of shell=True during backup and restore operations. This allows attackers to execute arbitrary system commands by providing specially crafted file path input. The vulnerable operations involve the use of file paths that are not properly sanitized before being passed to the system shell.

Recommendations Update pgAdmin to a version later than 9.9.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2025-14696

CVE-2025-12763

GHSA-RM79-X4G6-HVG5

OPENSUSE-SU-2025:15818-1

Affected Products

Pgadmin

Windows

Pgadmin 4

CVE-2025-12763

Weakness Enumeration

Related Identifiers

Affected Products

References · 18