Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.

Published

2025-04-03T13:15:43.240

Last Modified

2025-09-17T18:04:10.100

Status

Analyzed

Source

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pgadmin	pgadmin_4	< 9.2	Yes

References

https://github.com/pgadmin-org/pgadmin4/issues/8603 Exploit, Issue Tracking (f86ef6dc-4d3a-42ad-8f28-e6d5547a5007)