Remote Code Execution Vulnerability in pgAdmin Affecting Versions Up to 9.9
CVE-2025-12762

9.1 CRITICAL

Key Information:

Status
Vendor
CVE Published: 13 November 2025

What is CVE-2025-12762?

A Remote Code Execution (RCE) vulnerability exists in pgAdmin versions up to 9.9. It is triggered when pgAdmin is running in server mode and a restore is performed from a PLAIN-format dump file. By exploiting this flaw, attackers can inject and execute arbitrary commands on the hosting server, undermining the integrity and security of the database management system and the associated data.

Affected Version(s)

pgAdmin 4: 0 <= 9.9

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
