Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2025/12/11 9:31 p.m.11 views

pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.1CVSS7.9AI score0.00851EPSS
Exploits1References6Affected Software1
OpenVAS
OpenVAS
added 2025/12/01 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2025-f7d8e75d34)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.12217EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/11/13 1:0 p.m.1 views

CVE-2025-12762 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS7.4AI score0.12217EPSS
Exploits1References1
CVE
CVE
added 2025/11/13 1:0 p.m.91 views

CVE-2025-12762

CVE-2025-12762 affects pgAdmin 4 up to v9.9 when running in server mode and performing restores from PLAIN-format dumps, enabling remote code execution via injected commands on the host. Public advisories and Nessus/GHSA entries confirm this is a critical RCE with network access, low complexity, ...

9.8CVSS7.3AI score0.12217EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder