CRITICAL🇵🇱 Wersja polska

CVE-2025-13780

CVSS 9.1v3.1pub. 2025-12-11upd. 2025-12-19

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
  • Pgadmin 4

    APP
    Pgadmin
    ≤ 9.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-12046CRITICAL9.5ten sam produkt

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POS...

CVE-2026-12048CRITICAL9.3ten sam produkt

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a P...

CVE-2026-12045CRITICAL9.4ten sam produkt

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database conte...

CVE-2026-7813CRITICAL9.4PL ✓ten sam produkt

pgAdmin 4: nieautoryzowany dostęp i privilege escalation w trybie serwerowym

CVE-2025-12762CRITICAL9.1PL ✓ten sam produkt

RCE w pgAdmin 4 — wstrzykiwanie komend podczas przywracania bazy