Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers

Source: Cyber Security News

The vulnerability, designated CVE-2025-12762, is a code injection flaw in the way pgAdmin4 handles server-mode restores from PLAIN-format dump files. An attacker with only low privileges on the pgAdmin instance can inject malicious commands, which run because the restore is carried out by executing system-level operations on the host running pgAdmin rather than inside the database alone. The National Vulnerability Database rates it critical, with a CVSS score of 9.3 out of 10, reflecting low attack complexity and high confidentiality impact.

The pgAdmin developers have fixed the issue in version 10.0, so prompt action is required: organizations running affected versions should prioritize the upgrade and, until it is applied, restrict or avoid PLAIN-format restores in server mode, especially in enterprise setups that handle dumps from untrusted sources. The point a practitioner should take away is that in server mode the restore runs on the pgAdmin host, so a low-privileged pgAdmin user who can upload a dump is effectively supplying input to a process on that server. The incident is a reminder of the need for stringent input validation in database management tools, and of the cascading effects such flaws can have in DevOps environments where the tool is connected to many systems.
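As an added defensive check, not part of the original article or of pgAdmin's own code: a pre-restore scanner for PLAIN-format dumps. It assumes, as is normal for plain SQL dumps, that the file will be fed to psql, which honors backslash meta-commands such as `\!`, `\copy ... PROGRAM`, `\i` and output redirection to a pipe, and that the restore may run as a role allowed to use server-side `COPY ... PROGRAM`. The rules, the `Finding` type and the sample dump are all constructed here for illustration; they are not pgAdmin identifiers.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One suspicious line in a plain-format dump (constructed type, not pgAdmin's)."""
    line_no: int
    rule: str
    text: str


# Patterns for psql meta-commands and SQL that can execute commands or touch the
# filesystem of the host performing the restore. psql recognizes a backslash
# command anywhere it sees an unquoted backslash, not only at line start, so each
# rule is applied to the whole line. Matches inside string literals or comments
# are accepted as false positives: this is a gate, so it errs on the side of refusing.
RULES = [
    ("psql \\! runs a shell command on the restoring host",
     re.compile(r"\\!")),
    ("psql \\copy ... PROGRAM pipes data through a shell command on the restoring host",
     re.compile(r"\\copy\b.*\bprogram\b", re.IGNORECASE)),
    ("psql \\o/\\w/\\g/\\gx redirect output or the query buffer to a file or pipe (|cmd)",
     re.compile(r"\\(?:o|w|g|gx)(?:\s+\S|\s*\|)")),
    ("psql \\i/\\ir/\\include read and execute another file on the restoring host",
     re.compile(r"\\(?:i|ir|include|include_relative)\b")),
    ("psql \\gexec executes query output as SQL",
     re.compile(r"\\gexec\b")),
    ("psql \\setenv changes the environment of the restoring process",
     re.compile(r"\\setenv\b")),
    ("server-side COPY ... PROGRAM runs a command on the PostgreSQL host",
     re.compile(r"\bCOPY\b.*\b(?:FROM|TO)\s+PROGRAM\b", re.IGNORECASE)),
]


def scan_dump(dump_text: str) -> list[Finding]:
    """Return every (line, rule) pair that trips one of RULES, in file order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(dump_text.splitlines(), start=1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, rule, line.rstrip()))
    return findings


def is_safe_to_restore(dump_text: str) -> bool:
    """True only if no rule matched; callers should refuse the restore otherwise."""
    return not scan_dump(dump_text)


# Constructed sample dump (not real pg_dump output). The COPY ... FROM stdin block
# and its "\." terminator are legitimate; the lines after it are the kind of
# injected content the scanner must catch.
SAMPLE_DUMP = r"""--
-- PostgreSQL database dump (constructed sample, not real pg_dump output)
--
SET client_encoding = 'UTF8';
CREATE TABLE public.users (id integer NOT NULL, name text);
COPY public.users (id, name) FROM stdin;
1\tAlice
\.
\! id > /tmp/marker
COPY public.users FROM PROGRAM 'id';
\copy public.users from program 'id'
\i /tmp/more.sql
SELECT 1; \g |sh
"""


if __name__ == "__main__":
    for f in scan_dump(SAMPLE_DUMP):
        print(f"line {f.line_no}: {f.rule}\n    {f.text}")
    print("safe to restore:", is_safe_to_restore(SAMPLE_DUMP))
```

Run it as a gate in front of the restore: anything that is not an empty finding list is rejected, and the flagged lines are written to the audit log so the uploader can be identified. Because the check is regex-based rather than a SQL parser, a line such as a comment mentioning `COPY FROM PROGRAM` will also be refused; for a restore path reachable by low-privileged users that trade-off is the right one.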

👉 Read the original: Cyber Security News