508 matches found
PT-2025-51832
PGAdmin, the popular PostgreSQL GUI, had a critical flaw! 😱 Attackers could execute shell commands on your host. Basically, they could make your computer do pirouettes. 🕺 The vulnerability CVE-2023-45255 allowed remote code execution via specially crafted SQL queries. So, if you’re managing...
Command Injection
pgAdmin 4 is vulnerable to command injection. The vulnerability is due to the use of shell=True during backup and restore operations on Windows systems, which allows an attacker to execute arbitrary system commands by supplying specially crafted file path input...
Remote Code Execution (RCE)
pgAdmin is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of PLAIN-format dump files during restore operations in server mode, allowing attackers to inject malicious commands that are executed on the server hosting pgAdmin...
LDAP Injection
pgAdmin is vulnerable to LDAP Injection. The vulnerability is due to improper sanitization of special LDAP characters in the username during the LDAP authentication flow, which allows an attacker to inject crafted input and cause the DC/LDAP server and client to process excessive data...
Authentication Bypass
pgAdmin is vulnerable to Authentication Bypass. The vulnerability is due to improper TLS certificate verification in the LDAP authentication mechanism, which allows an attacker to bypass secure authentication controls and potentially intercept or manipulate authentication traffic...
Arbitrary Code Injection
pgAdmin is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of PLAIN-format dump files during restore operations in server mode, which allows an attacker to inject and execute arbitrary commands on the server hosting pgAdmin...
SUSE CVE-2025-13780
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
pgadmin4-9.11-1.1 on GA media (moderate)
pgadmin4-9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15818-1 Rating: moderate Cross-References: CVE-2025-12762 CVE-2025-12763 CVE-2025-12764 CVE-2025-12765 CVE-2025-13780 CVSS scores: CVE-2025-12762 SUSE : 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L CVE-2025-12762 SUSE : 9.3...
OPENSUSE-SU-2025:15818-1 pgadmin4-9.11-1.1 on GA media
These are all security issues fixed in the pgadmin4-9.11-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark (EF BB BF) or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
CVE-2025-13780
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-13780
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-13780
CVE-2025-13780 affects pgAdmin up to 9.10 when running in server mode and performing restores from PLAIN-format dump files, enabling remote code execution by injecting commands on the pgAdmin server. The issue is triggered during server-mode restore operations and could compromise confidentiality...
CVE-2025-13780 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
EUVD-2025-202720
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
CVE-2025-13780 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
PT-2025-50670
Name of the Vulnerable Software and Affected Versions: pgAdmin versions up to 9.10. Description: pgAdmin versions up to 9.10 are susceptible to a Remote Code Execution (RCE) issue when running in server mode and restoring from PLAIN-format dump files. This flaw allows attackers to inject and execute...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.10 and earlier versions: in server mode, restoring a PLAIN-format dump file could lead to remote code...
Fedora 43 : pgadmin4 (2025-8a81153971)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8a81153971 advisory. Update to pgadmin-9.10. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
[SECURITY] Fedora 42 Update: pgadmin4-9.10-1.fc42
pgAdmin is the most popular and feature-rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...