High severity · NVD Advisory · Published Sep 4, 2025 · Updated Feb 26, 2026
Cross-Origin Opener Policy Vulnerability in pgAdmin 4
CVE-2025-9636
Description
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pgadmin4 (PyPI) | < 9.8 | 9.8 |
Affected products
- ghsa-coords (15 versions; < 9.8 + 14 more)
  - pkg:pypi/pgadmin4
  - pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
  - pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
- (no CPE) range: < 9.8
- (no CPE) range: < 8.5-150600.3.15.1
- (no CPE) range: < 9.8-1.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 8.5-150600.3.15.1
- (no CPE) range: < 8.5-150600.3.15.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- (no CPE) range: < 4.30-150300.3.24.1
- Range: 0
References
- github.com/advisories/GHSA-6859-2qxq-ffv2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-9636 (ghsa, ADVISORY)
- github.com/pgadmin-org/pgadmin4/commit/cdeb18fcbb139a200b5a4779c82f9cd1aaaf3c89 (ghsa, WEB)
- github.com/pgadmin-org/pgadmin4/issues/9114 (ghsa, issue-tracking, WEB)