CVE-2025-2945

Published Apr 3, 2025

Last updated 25 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-2945 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin 4 versions prior to 9.2, specifically in the Query Tool and Cloud Deployment modules. It stems from insecure handling of user-supplied parameters in two POST endpoints, `/sqleditor/query_tool/download` and `/cloud/deploy`, where the `query_commited` and `high_availability` parameters respectively are passed directly to Python's `eval()` function without validation. An attacker who can reach these endpoints (the CVSS vector below requires low privileges, PR:L, and no user interaction) can inject and execute arbitrary Python code on the server running pgAdmin, potentially leading to complete system compromise.

Description
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter, and /cloud/deploy, where the high_availability parameter, is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4 before 9.2.
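The eval() pattern both descriptions refer to, shown as an added Python example beside a hardened replacement. This is illustrative code written for this page, not pgAdmin's source; the handler name, the form lookup and the allow-listed boolean spellings are assumptions.

```python
"""Added example (not pgAdmin's code): the CWE-94 pattern behind CVE-2025-2945
and two hardened replacements. Assumes form parameters arrive as str."""
import ast
from typing import Any, Dict, Optional

# Vulnerable pattern: a boolean-looking form field ("True"/"False") is turned
# into a Python bool with eval(), so any expression the client sends is
# evaluated as Python on the server. Kept only to contrast with the fix.
def parse_flag_unsafe(raw: str) -> bool:
    return bool(eval(raw))  # noqa: S307

# Hardened replacement 1: accept an explicit allow-list of spellings and
# reject everything else. The string is never interpreted as Python.
_TRUE = {"true", "1", "yes", "on"}
_FALSE = {"false", "0", "no", "off"}

def parse_flag(raw: Optional[str], default: bool = False) -> bool:
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError(f"invalid boolean value: {raw!r}")

# Hardened replacement 2: when a literal (not just a bool) is genuinely
# needed, ast.literal_eval builds only constants and containers; it raises
# on calls, attribute access, names and imports, so nothing is executed.
def parse_literal(raw: str) -> Any:
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError) as exc:
        raise ValueError(f"not a plain literal: {raw!r}") from exc

def handle_download(form: Dict[str, str]) -> Dict[str, bool]:
    """Hypothetical POST handler reading the query_commited field safely."""
    committed = parse_flag(form.get("query_commited"), default=False)
    return {"committed": committed}
```

The safe parsers raise ValueError on anything outside the allow-list, which a handler should map to an HTTP 400 and log, since such input is a useful detection signal for attempts against this bug.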
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-94

Social media

Hype score
Not currently trending
  1. @CISAgov CVE-2025-2945, a severe Remote Code Execution #RCE vulnerability with a CVSS score of #9.9 indicating the highest level of severity. https://t.co/ab4Umz7d7W

    @dateTampaAngel

    13 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Recently, a vulnerability with identifier CVE-2025-2945, of the RCE type, has been published for pgAdmin, the management application for PostgreSQL databases. Versions before 9.1 have this vulnerability, and hackers can execute commands by crafting malicious API calls. https://t.co/Poz3aKYxT1 https:

    @AmirHossein_sec

    11 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 ALERT - CVE-2025-2945 - Critical cybersecurity vulnerability identified in pgAdmin 💡 A critical remote code execution (RCE) vulnerability, identified as CVE-2025-2945, applicable to the PostgreSQL Query Tool and Cloud Deployment modules, h

    @DNSC_RO

    9 Apr 2025

    104 Impressions

    3 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. #pgAdmin: Critical pgAdmin #RCE Vulnerability CVE-2025-2945 (CVSS score 9.9) Let Attackers Execute Remote Code - untrusted user input is passed directly to Python’s eval() function 🤦: 👇 https://t.co/CsNCX2fzYd

    @securestep9

    8 Apr 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Remote Code Execution Vulnerability in pgAdmin (CVE-2025-2945) :: Py0zz1 W0r1d https://t.co/hRb4vI6Qte

    @akaclandestine

    8 Apr 2025

    1963 Impressions

    12 Retweets

    28 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  6. Critical security vulnerability in pgAdmin 4, the most widely used management tool for PostgreSQL databases ⚠️ CVE-2025-2945, a severe remote code execution (RCE) vulnerability with a CVSS score of 9.9 https://t.co/LCd3vuUnGL https://t.co/utGSIZUN2C

    @elhackernet

    8 Apr 2025

    4152 Impressions

    50 Retweets

    80 Likes

    21 Bookmarks

    0 Replies

    0 Quotes

  7. Critical RCE vulnerability in pgAdmin4: a vulnerability with identifier CVE-2025-2945 has been reported and fixed in pgAdmin 4 that allows an attacker to execute arbitrary code. https://t.co/bkp2fDRbJo #security_vulnerability #RCE #CVE #pgAdmin4

    @onhexgroup

    8 Apr 2025

    146 Impressions

    0 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. Serious vulnerability in DB management tool "pgAdmin" - fixed by an update: Security NEXT https://t.co/5ramhJ84XR "User input is not handled properly, allowing arbitrary code to be executed from outside… the CVSSv3.1 base score for CVE-2025-2945 is the maximum value, 10.0"

    @catnap707

    8 Apr 2025

    171 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️ A critical RCE vulnerability (CVE-2025-2945) in pgAdmin has been patched in v9.2. If you're using v9.1 or earlier, update now. Exploitable via malicious API calls. Details: https://t.co/8oXgsBNReT #cybersecurity #PostgreSQL #pgAdmin #infosec

    @threatsbank

    8 Apr 2025

    12 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-2945 is a critical remote code execution vulnerability affecting pgAdmin 4. Organizations using pgAdmin 4 should upgrade immediately to version 9.2 or later. #ThreatIntel #RedLeggCTI #pgAdmin https://t.co/7Ozkrffuqa

    @RedLegg

    7 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-2945: Remote Code Execution in pgAdmin 4 https://t.co/sYjzyHbn2f

    @_cvereports

    7 Apr 2025

    11 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A severe Remote Code Execution (RCE) vulnerability in pgAdmin (CVE-2025-2945), the popular PostgreSQL database management tool, has been patched after researchers discovered attackers could hijack servers through malicious API requests. #cybersecurity https://t.co/6sm4Oe7yeU

    @cybertzar

    7 Apr 2025

    16 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ⚠️⚠️ CVE-2025-2945 Remote Code Execution Vulnerability in pgAdmin 🎯41k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥PoC: https://t.co/l7BSR2N6AP 🔗FOFA Link:https://t.co/NffRvKC86h FOFA Query:body="pg-sp-content" && title="pgAdmin 4" #OSINT #FOFA

    @fofabot

    7 Apr 2025

    4663 Impressions

    45 Retweets

    113 Likes

    57 Bookmarks

    0 Replies

    0 Quotes

  14. ⚡️The vulnerability details are now available: https://t.co/Yzdm11XElK 🚨🚨pgAdmin 4 Critical Vulnerabilities CVE-2025-2945 (9.9): A wide-open gate to Remote Code Execution—hackers could own your database! CVE-2025-2946 (9.1): XSS attacks lurking in malicious query results, h

    @zoomeye_team

    7 Apr 2025

    1726 Impressions

    3 Retweets

    17 Likes

    10 Bookmarks

    0 Replies

    1 Quote

  15. 🚨 CVE-2025-2945 ⚠️🔴 CRITICAL (9.9) 🏢 https://t.co/EhTSUykEQG - pgAdmin 4 🏗️ 0 🔗 https://t.co/BebFVRMnYl #CyberCron #VulnAlert #InfoSec https://t.co/hFdWZWxVmI

    @cybercronai

    5 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqled… https://t.co/oET2nzittS

    @CVEnew

    3 Apr 2025

    632 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. [CVE-2025-2945: CRITICAL] Critical Remote Code Execution vulnerability discovered in pgAdmin 4 before 9.2. Attackers can execute arbitrary code through POST endpoints. Update immediately to stay secure. #cybersecurity #vulnerability https://t.co/3T9NiN1Aql https://t.co/qLcVPw6pJN

    @CveFindCom

    3 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes