Critical severityNVD Advisory· Published Apr 3, 2025· Updated Feb 26, 2026
pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
CVE-2025-2945
Description
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).
The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.
This issue affects pgAdmin 4: before 9.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pgadmin4PyPI | < 9.2 | 9.2 |
Affected products
3- ghsa-coords2 versions
< 9.2+ 1 more
- (no CPE)range: < 9.2
- (no CPE)range: < 9.2-1.1
- Range: 0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-g73c-fw68-pwx3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-2945ghsaADVISORY
- github.com/pgadmin-org/pgadmin4/commit/75be0bc22d3d8d7620711835db817bd7c021007cghsaWEB
- github.com/pgadmin-org/pgadmin4/issues/8603ghsaissue-trackingWEB
News mentions
0No linked articles in our index yet.