CVE-2025-2946

Published Apr 3, 2025

Last updated 2 months ago

CVSS critical 9.1

Overview

Description
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-79

Social media

Hype score
Not currently trending

  1. 🟠 pgAdmin, Cross-Site Scripting (XSS), #CVE-2025-2946 (Medium) https://t.co/t0GnJnODcv

    @dailycve

    24 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚡️The vulnerability details are now available: https://t.co/Yzdm11XElK 🚨🚨pgAdmin 4 Critical Vulnerabilities CVE-2025-2945 (9.9): A wide-open gate to Remote Code Execution—hackers could own your database! CVE-2025-2946 (9.1): XSS attacks lurking in malicious query results, h

    @zoomeye_team

    7 Apr 2025

    1726 Impressions

    3 Retweets

    17 Likes

    10 Bookmarks

    0 Replies

    1 Quote

  3. 🚨 CVE-2025-2946 ⚠️🔴 CRITICAL (9.1) 🏢 https://t.co/EhTSUykEQG - pgAdmin 4 🏗️ 0 🔗 https://t.co/KHlR3ILOM8 #CyberCron #VulnAlert #InfoSec https://t.co/eirOihHWFM

    @cybercronai

    5 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-2946 pgAdmin &lt;= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through qu… https://t.co/2tPHcv9Ivg

    @CVEnew

    3 Apr 2025

    545 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-2946: CRITICAL] Attention: pgAdmin&lt;=9.1 users, a security flaw allows attackers to execute XSS attacks via query result rendering, running arbitrary HTML/JavaScript in your browser. Update recommended.#cybersecurity,#vulnerability https://t.co/kG700HDTq0 https://t.co

    @CveFindCom

    3 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.