CVE-2025-2945

Critical CVSS: 9.9

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).

The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.

This issue affects pgAdmin 4: before 9.2.

Vendor

Pgadmin

Product

Pgadmin 4

CWE

CWE-94

Yayın Tarihi

2025-04-03 13:15:43

Güncelleme

2025-09-17 18:04:10

Source Identifier

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

KEV Date Added

Kategoriler

CWE-94 Pgadmin 4 CRITICAL Pgadmin 2025

Referanslar

https://github.com/pgadmin-org/pgadmin4/issues/8603

Benzer Kayıtlar

High

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when run…

Critical

CVE-2025-13780

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in serv…

High

CVE-2025-12765

pgAdmin

Critical

CVE-2025-12762

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in serve…

Medium

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused…

High

CVE-2025-12764

pgAdmin