VDB
WID-SEC-W-2025-0708
WID-SEC-W-2025-0708
PUBLISHED
CVSS 9.300000190734863 CRITICAL
pgAdmin ist eine Verwaltungs- und Entwicklungsplattform für die PostgreSQL-Datenbank.
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora Linux | ||
| Open Source pgAdmin <v9.2 | ||
| SUSE openSUSE | ||
| Open Source pgAdmin v9.2 |
Exploit Intelligence
- Authenticated RCE in pgAdmin 4 (8.10–9.1) via eval() injection in the Query Tool. This is an updated PoC with compatibility fixes for pgAdmin 9.x auth changes (github-poc-repo)
- Authenticated RCE in pgAdmin 4 (8.10–9.1) via eval() injection in the Query Tool. This is an updated PoC with compatibility fixes for pgAdmin 9.x auth changes (github-poc)
- ExtremeUday/CVE-2025-2945-pgAdmin4-Authenticated-RCE-PoC- (github-poc)
- Exploit and test stand for CVE-2025-2945 (github-poc)
- Python PoC script for pgAdmin4 Query Tool RCE (CVE-2025-2945) (github-poc)
- pgAdmin Proof of Concept (github-poc)
- https://github.com/advisories/GHSA-g73c-fw68-pwx3 (circl)
- https://github.com/I3r1h0n/pgAdminOpendoor/tree/main (circl)
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0708.json (circl)
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-49d6f62c0e (circl)
…and 8 more exploits
Timeline
- Apr 3, 2025 CVE Published
- Nov 11, 2025 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0708.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0708 advisory
- http://www.pgadmin.org/news/#109 url
- https://github.com/advisories/GHSA-g73c-fw68-pwx3 url
- https://github.com/advisories/GHSA-2rrx-pphc-qfv9 url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BYON52PV4P44MGBG55FDOG2SP2G266ZO/ url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-49d6f62c0e url
- https://github.com/I3r1h0n/pgAdminOpendoor/tree/main url