Live Cybersecurity News Ticker | Codekeeper

Critical pgAdmin4 Flaw Lets Attackers Execute Remote Code on Database Servers

Written by Content Team | Nov 16, 2025 12:17:29 PM

A critical vulnerability in pgAdmin4, the popular PostgreSQL management tool, allows attackers to execute code remotely on servers. CVE-2025-12762 affects versions up to 9.9 and scores 9.3 out of 10 on the severity scale.

The flaw occurs when pgAdmin processes PLAIN-format dump files during database restores. Attackers can craft malicious dump files that inject commands, exploiting the tool's system-level operations. Even low-privilege users can trigger this vulnerability with minimal effort.

The pgAdmin team fixed the issue in version 10.0. Organizations should upgrade immediately, especially those running pgAdmin in server mode or handling external database dumps.

Source: Cyber Security News