CVE-2025-12763

Published
CVSS v3: 6.8 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.