CVE-2025-2945
pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).
The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter, and /cloud/deploy, where the high_availability parameter, is unsafely passed to the Python eval() function, allowing arbitrary code execution.
This issue affects pgAdmin 4: before 9.2.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
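As an added illustration, not pgAdmin's own code, the flawed pattern the advisory describes (a request parameter string handed to eval()) is shown beside a hardened parser that accepts only a fixed set of literal strings for the query_commited and high_availability flags. Function names and the form dictionaries are assumptions.

```python
from typing import Optional

# Hypothetical reconstruction of the bug class named in the advisory:
# a string taken from a POST parameter is evaluated as Python. Whoever
# controls the parameter therefore controls code execution, not a flag.
def parse_flag_unsafe(raw: str) -> bool:
    return bool(eval(raw))  # the defect: interprets input as code

# Hardened replacement: a strict allow-list lookup. Nothing is parsed or
# evaluated; any value outside the table is rejected outright.
_TRUE = {"true", "1", "yes", "on"}
_FALSE = {"false", "0", "no", "off"}

def parse_flag(raw: Optional[str], default: bool = False) -> bool:
    if raw is None:
        return default
    if not isinstance(raw, str):
        raise TypeError("flag must be a string")
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError(f"invalid boolean flag: {raw!r}")

def rejects(raw: str) -> bool:
    """True when the hardened parser refuses the value."""
    try:
        parse_flag(raw)
    except ValueError:
        return True
    return False

# Example handlers (assumed names) for the two parameters in the advisory.
def query_tool_download(form: dict) -> dict:
    return {"query_commited": parse_flag(form.get("query_commited"))}

def cloud_deploy(form: dict) -> dict:
    return {"high_availability": parse_flag(form.get("high_availability"))}

if __name__ == "__main__":
    # Constructed sample input, as a Flask form would supply it.
    print(query_tool_download({"query_commited": "True"}))
    print(cloud_deploy({"high_availability": "false"}))
    print(rejects("1 + 1"))  # an expression is data here, never code
```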
Affected products
pgadmin.org · pgAdmin 4

Public PoCs found: 5
- github.com/Cycloctane/cve-2025-2945-poc (★ 7)
- github.com/abrewer251/CVE-2025-2945_PgAdmin_PoC (★ 3)
- github.com/ExtremeUday/CVE-2025-2945-pgAdmin4-Authenticated-RCE-PoC- (★ 2)
- github.com/I3r1h0n/pgAdminOpendoor (★ 0)
- github.com/plur1bu5/CVE-2025-2945-pgadmin-rce (★ 0)

⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know whether your infrastructure is exposed to this?
Talk to TrueHacking →