CVE-2025-12763
Severity: HIGH · CVSS 3.1 base score 8.8 · EPSS 49.9%
Published Nov 13, 2025 (7 months ago) · Last modified Jun 17, 2026 (2 weeks ago)
Description
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. The issue is caused by the use of shell=True when spawning the backup and restore utilities: because the user-supplied file path is interpolated into a command string that is then parsed by the Windows command interpreter, an attacker who supplies a specially crafted file path can execute arbitrary system commands.
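The pattern the description refers to, placed beside a hardened replacement, as an added example (not pgAdmin's own code). BACKUP_ROOT, the pg_dump flags used, the `.backup` extension check and the sample file names are assumptions made for this illustration.

```python
import subprocess
from pathlib import Path

# Assumed allow-listed backup directory (constructed for this example, not a pgAdmin setting).
BACKUP_ROOT = Path("pgadmin-backups").resolve()

# Characters cmd.exe interprets. With shell=True, any of these inside a file path
# can terminate the pg_dump command and start a second, attacker-chosen command.
CMD_METACHARS = set('&|<>^%"\r\n')


def vulnerable_backup_command(dbname: str, outfile: str) -> str:
    """The CVE-2025-12763 pattern: one string destined for subprocess.run(..., shell=True).
    The user-controlled path is interpolated verbatim, so cmd.exe parses it.
    Returned only for comparison; never execute a string built this way."""
    return f"pg_dump --format=custom --dbname={dbname} --file={outfile}"


def safe_backup_argv(dbname: str, outfile: str) -> list[str]:
    """Build pg_dump's arguments as a list (no shell) after validating the path."""
    if any(ch in CMD_METACHARS for ch in outfile):
        raise ValueError("backup path contains shell metacharacters")
    target = (BACKUP_ROOT / outfile).resolve()
    # Refuse paths that escape the allow-listed directory (absolute paths, '..' segments).
    if BACKUP_ROOT not in target.parents:
        raise ValueError("backup path is outside the allowed directory")
    if target.suffix.lower() != ".backup":
        raise ValueError("unexpected backup file extension")
    # Every element is a single argv entry; the path can never become a second command.
    return ["pg_dump", "--format=custom", f"--dbname={dbname}", f"--file={target}"]


def run_backup(dbname: str, outfile: str) -> subprocess.CompletedProcess:
    """Execute with shell=False so no command interpreter ever sees the arguments."""
    return subprocess.run(
        safe_backup_argv(dbname, outfile), shell=False, check=True, capture_output=True
    )
```

The detection side of the same fix is a code-review rule: any `subprocess` call with `shell=True` whose command string contains user input is a finding, regardless of how the input is quoted.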
CVSS Details
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Threat Intelligence
EPSS exploit probability: 49.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses (1)
CWE-78: OS Command Injection (category: Injection)
Affected Products (2)
References (1)
- github.com: https://github.com/pgadmin-org/pgadmin4/issues/9323
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.