Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)

@@ -29,6 +29,10 @@ restore process:
      copy of the backed-up object.
    * Select *Plain* to restore a plain SQL backup. When selecting this option
      all the other options will not be applicable.
+     **Note:** The plain SQL restore process is executed in the backend using
+     the psql command with the \restrict option. The purpose of \restrict is to
+     enhance security by preventing dangerous commands embedded in a plain text
+     dump file from being executed on a PostgreSQL server.
    * Select *Directory* to restore from a compressed directory-format archive.
 
 * Enter the complete path to the backup file in the *Filename* field.

@@ -11,6 +11,7 @@
 
 import json
 import re
+import secrets
 
 from flask import render_template, request, current_app, Response
 from flask_babel import gettext as _
@@ -350,6 +351,7 @@ def get_sql_util_args(data, manager, server, filepath):
     :param filepath: File.
     :return: args list.
     """
+    restrict_key = secrets.token_hex(32)
     args = [
         '--host',
         manager.local_bind_host if manager.use_ssh_tunnel else server.host,
@@ -358,6 +360,7 @@ def get_sql_util_args(data, manager, server, filepath):
         else str(server.port),
         '--username', server.username, '--dbname',
         data['database'],
+        '-c', f'\\restrict {restrict_key}',
         '--file', fs_short_path(filepath)
     ]
 
@@ -375,43 +378,7 @@ def use_restore_utility(data, manager, server, driver, conn, filepath):
     return None, utility, args
 
 
-def has_meta_commands(path, chunk_size=8 * 1024 * 1024):
-    """
-    Quickly detect lines starting with '\' in large SQL files.
-    Works even when lines cross chunk boundaries.
-    """
-    # Look for start-of-line pattern: beginning or after newline,
-    # optional spaces, then backslash
-    pattern = re.compile(br'(^|\n)[ \t]*\\')
-
-    try:
-        with open(path, "rb") as f:
-            prev_tail = b""
-            while chunk := f.read(chunk_size):
-                data = prev_tail + chunk
-
-                # Search for pattern
-                if pattern.search(data):
-                    return True
-
-                # Keep a small tail to preserve line boundary context
-                prev_tail = data[-10:]  # keep last few bytes
-    except FileNotFoundError:
-        current_app.logger.error("File not found.")
-    except PermissionError:
-        current_app.logger.error("Insufficient permissions to access.")
-
-    return False
-
-
 def use_sql_utility(data, manager, server, filepath):
-    # Check the meta commands in file.
-    if has_meta_commands(filepath):
-        return _("Restore blocked: the selected PLAIN SQL file contains psql "
-                 "meta-commands (for example \\! or \\i). For safety, "
-                 "pgAdmin does not execute meta-commands from PLAIN restores. "
-                 "Please remove meta-commands."), None, None
-
     utility = manager.utility('sql')
     ret_val = does_utility_exist(utility)
     if ret_val:

@@ -40,4 +40,5 @@ Bug fixes
   | `Issue #9233 <https://github.com/pgadmin-org/pgadmin4/issues/9233>`_ -  Fixed an issue where the Select All option on the columns tab of import/export data was not working in languages other than English.
   | `Issue #9240 <https://github.com/pgadmin-org/pgadmin4/issues/9240>`_ -  Fixed an issue where the Debian build process failed with a "Sphinx module not found" error when using a Python virtual environment.
   | `Issue #9281 <https://github.com/pgadmin-org/pgadmin4/issues/9281>`_ -  Fixed an issue where the last used storage directory was reset to blank, leading to access denied errors during backup or restore operations.
-  | `Issue #9304 <https://github.com/pgadmin-org/pgadmin4/issues/9304>`_ -  Fixed an issue that prevented assigning multiple users to an RLS policy.
\ No newline at end of file
+  | `Issue #9304 <https://github.com/pgadmin-org/pgadmin4/issues/9304>`_ -  Fixed an issue that prevented assigning multiple users to an RLS policy.
+  | `Issue #9320 <https://github.com/pgadmin-org/pgadmin4/issues/9320>`_ -  Fixed remote code execution vulnerability when restoring PLAIN-format SQL dumps in server mode (CVE-2025-12762).
\ No newline at end of file

@@ -10,6 +10,7 @@
 """Implements Restore Utility"""
 
 import json
+import re
 
 from flask import render_template, request, current_app, Response
 from flask_babel import gettext as _
@@ -374,7 +375,38 @@ def use_restore_utility(data, manager, server, driver, conn, filepath):
     return None, utility, args
 
 
+def has_meta_commands(path, chunk_size=8 * 1024 * 1024):
+    """
+    Quickly detect lines starting with '\' in large SQL files.
+    Works even when lines cross chunk boundaries.
+    """
+    # Look for start-of-line pattern: beginning or after newline,
+    # optional spaces, then backslash
+    pattern = re.compile(br'(^|\n)[ \t]*\\')
+
+    with open(path, "rb") as f:
+        prev_tail = b""
+        while chunk := f.read(chunk_size):
+            data = prev_tail + chunk
+
+            # Search for pattern
+            if pattern.search(data):
+                return True
+
+            # Keep a small tail to preserve line boundary context
+            prev_tail = data[-10:]  # keep last few bytes
+
+    return False
+
+
 def use_sql_utility(data, manager, server, filepath):
+    # Check the meta commands in file.
+    if has_meta_commands(filepath):
+        return _("Restore blocked: the selected PLAIN SQL file contains psql "
+                 "meta-commands (for example \\! or \\i). For safety, "
+                 "pgAdmin does not execute meta-commands from PLAIN restores. "
+                 "Please remove meta-commands."), None, None
+
     utility = manager.utility('sql')
     ret_val = does_utility_exist(utility)
     if ret_val: