216.73.216.75

CVE-2025-12763

· Published 13/11/2025 13:15 · Modified 01/12/2025 20:15

Labels: CVE-2025-12763 2025-11-13CVE-2025-12763CWE-78f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Essential information

Published
13/11/2025 13:15
Modified
01/12/2025 20:15
Author
Creator
CVSS
6.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD
View on NVD

Affected products (CPE)

ProductCPE
pgadmin / pgadmin 4 cpe:2.3:a:pgadmin:pgadmin_4:*:*:*:*:*:postgresql:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References