Critical severity · NVD Advisory · Published Nov 13, 2025 · Updated Feb 26, 2026
Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
CVE-2025-12762
Description
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pgadmin4 (PyPI) | < 9.10 | 9.10 |
Affected products (3)
- ghsa-coords (2 versions): < 9.10 + 1 more
- (no CPE) range: < 9.10
- (no CPE) range: < 9.11-1.1
- Range: 0
References (4)
- github.com/advisories/GHSA-w2p4-p4rh-qcm3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-12762 (ghsa, ADVISORY)
- github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836 (ghsa, WEB)
- github.com/pgadmin-org/pgadmin4/issues/9320 (ghsa, issue-tracking, WEB)