CVE-2025-0218

Medium CVSS: 5.5

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

Vendor

Pgadmin

Product

Pgagent

CWE

CWE-340

Yayın Tarihi

2025-01-07 20:15:30

Güncelleme

2025-11-03 18:15:46

Source Identifier

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

KEV Date Added

Kategoriler

CWE-340 Pgagent MEDIUM Pgadmin 2025

Referanslar

https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html

Benzer Kayıtlar

High

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when run…

Critical

CVE-2025-13780

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in serv…

High

CVE-2025-12765

pgAdmin

Critical

CVE-2025-12762

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in serve…

Medium

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused…

High

CVE-2025-12764

pgAdmin