Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

Published

2025-11-13T13:15:44.777

Last Modified

2025-12-01T20:15:49.517

Status

Modified

Source

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-78
Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pgadmin	pgadmin_4	< 9.10	Yes
Operating System	microsoft	windows	-	No

References

https://github.com/pgadmin-org/pgadmin4/issues/9323 Issue Tracking, Vendor Advisory (f86ef6dc-4d3a-42ad-8f28-e6d5547a5007)