Critical severity · NVD Advisory · Published Dec 11, 2025 · Updated Feb 26, 2026
Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
CVE-2025-13780
Description
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pgadmin4 (PyPI) | < 9.11 | 9.11 |
Affected products
- ghsa-coords: 2 versions (< 9.11 + 1 more)
- (no CPE) range: < 9.11
- (no CPE) range: < 9.11-1.1
- Range: 0
References
- github.com/advisories/GHSA-fxmw-jcgr-w44v (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-13780 (ghsa; ADVISORY)
- github.com/pgadmin-org/pgadmin4/commit/1d397395f75320ca1d4ed5e9ca721c603415e836 (ghsa; WEB)
- github.com/pgadmin-org/pgadmin4/commit/d5a909f14cb9713d89b49481ad1929fad89f4576 (ghsa; WEB)
- github.com/pgadmin-org/pgadmin4/issues/9368 (ghsa; issue-tracking; WEB)
- github.com/pgadmin-org/pgadmin4/pull/9426 (ghsa; WEB)