AI description
CVE-2025-12762 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin versions up to 9.9. The vulnerability occurs when pgAdmin is running in server mode and performing restores from PLAIN-format dump files. This vulnerability allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin. Successful exploitation could compromise the integrity and security of the database management system and the underlying data.
- Description: pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
- Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- NVD status: Analyzed
- Products: pgadmin_4
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
#VulnerabilityReport #CommandInjection Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files https://t.co/ckAj78WHrz
@Komodosec
22 Dec 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
in november, i reported an RCE that bypassed the patch for CVE-2025-12762 in versions 9.10 of pgadmin4. it has now been patched in the latest release 9.11 and tracked as CVE-2025-13780 https://t.co/o8fxY6XKYO
@zer0pwn
11 Dec 2025
477 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 A new pgAdmin4 vulnerability, CVE-2025-12762 (CVSS 9.8), allows for RCE in server mode when restoring PLAIN-format dump files. This flaw carries the potential for full system compromise. 🔴 We detect 7,393 instances of potentially exposed hosts at time of writing. 🔴 Ve
@censysio
5 Dec 2025
14570 Impressions
36 Retweets
217 Likes
88 Bookmarks
2 Replies
0 Quotes
🚨 A new pgAdmin4 vulnerability, CVE-2025-12762 (CVSS 9.8), allows for RCE in server mode when restoring PLAIN-format dump files. This flaw carries the potential for full system compromise. 🔴 We observe 14,466 potentially vulnerable instances at time of writing. 🔴 Versio
@censysio
4 Dec 2025
862 Impressions
4 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerability in pgAdmin ❗CVE-2025-12762 ➡️More info: https://t.co/OEgRtPrwyc https://t.co/DeEcauXAbj
@CERTpy
28 Nov 2025
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning of a critical RCE vulnerability in pgAdmin, CVE-2025-12762. If the application runs in server mode, it contains a security flaw when it uses PLAIN-format PostgreSQL dump files while performing restore operations. Attackers can
@GOVCERT_CZ
21 Nov 2025
267 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Four serious vulnerabilities in pgAdmin (CVE-2025-12762, CVSS 9.1), and more https://t.co/wo9bLhFa7Q #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
20 Nov 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 pgAdmin, Remote Code Execution, #CVE-2025-12762 (Critical) https://t.co/dxPumYx47W
@dailycve
19 Nov 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#poc 🎯 CVE-2025-12762 exposes systems running pgAdmin in server mode to remote code execution #pgAdmin #PostgreSQL https://t.co/dyMuZnMYom
@absholi7ly
18 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-12762 (CVSS 9.1): Critical pgAdmin4 RCE pgAdmin4 server mode + plain backup restore = instant RCE Search by vul.cve Filter👉vul.cve="CVE-2025-12762" ZoomEye Dork👉app="pgAdmin4" 40.3k+ exposed instances ZoomEye Link: https://t.co/l7ZKnjpObB Refer: 1. h
@zoomeye_team
17 Nov 2025
5763 Impressions
23 Retweets
74 Likes
37 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨:CVE-2025-12762 : Critical pgAdmin Flaws Allow Remote Code Execution via PostgreSQL Dump Files. It affects versions up to 9.9. 📊188.5K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/H4H1mAx3qg 👇Query HUNTER : https://t.co
@HunterMapping
17 Nov 2025
3405 Impressions
20 Retweets
61 Likes
29 Bookmarks
0 Replies
0 Quotes
⚠️ Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers Read more: https://t.co/OlfREXflVU A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762,
@The_Cyber_News
17 Nov 2025
4403 Impressions
31 Retweets
89 Likes
22 Bookmarks
0 Replies
2 Quotes
pgAdmin patched four flaws. The Critical RCE (CVE-2025-12762) risks arbitrary code execution via malicious PostgreSQL dump files. LDAP Injection (CVE-2025-12764) and TLS Bypass were also fixed. Update to v9.10. #pgAdmin #RCE #Cybersecurity #PostgreSQL https://t.co/2smCTmL72d
@the_yellow_fall
17 Nov 2025
24 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12762 - Exploit and Reproduction for pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode #pruva reproduction: https://t.co/rt2E1Cf7kN Advs: https://t.co/PQsGAMMpCU
@N3mes1s
14 Nov 2025
4069 Impressions
15 Retweets
55 Likes
27 Bookmarks
1 Reply
0 Quotes
🚨 pgAdmin < 9.10 has an RCE vulnerability (CVE-2025-12762) allowing attackers to execute arbitrary commands on the server, risking the database system's integrity and security. https://t.co/4S73FCs7tI https://t.co/MNR03JdEds
@IntCyberDigest
14 Nov 2025
7873 Impressions
23 Retweets
64 Likes
20 Bookmarks
0 Replies
1 Quote
CVE-2025-12762 pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-form… https://t.co/MqbRbvmUM6
@CVEnew
13 Nov 2025
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-12762: CRITICAL] Critical Remote Code Execution (RCE) vulnerability in pgAdmin versions up to 9.9 allows attackers to execute arbitrary commands, posing a severe threat to cyber security. #cve, CVE-2025-12762, #cybersecurity https://t.co/qhfmldF6k4 https://t.co/iyNLblD59Y
@CveFindCom
13 Nov 2025
57 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-12762 is a critical pgAdmin 4 RCE (CVSS 9.1) affecting versions ≤9.9. Network-accessible, low complexity, requires only low privs. The Changed Scope (S:C) rating means compromise extends beyond pgAdmin itself. Attack surface: Restore module processing PLAIN-format
@gothburz
13 Nov 2025
619 Impressions
1 Retweet
7 Likes
5 Bookmarks
0 Replies
0 Quotes
**CVE-2025-12762** is a critical Remote Code Execution (RCE) vulnerability affecting **pgAdmin** versions up to 9.9 when operating in server mode, specifically during the restore process from PLAIN-format dump files. The vulnerability allows an attacker to inject malicious
@CveTodo
13 Nov 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pgadmin:pgadmin_4:*:*:*:*:*:postgresql:*:*",
            "vulnerable": true,
            "matchCriteriaId": "869DC8C4-E456-4D31-964B-96D4B9B8F4A2",
            "versionEndExcluding": "9.10"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]