CVSS Score: 9.9 (Critical)
Identifier: CVE-2025-2945
Exploit or Proof of Concept (PoC): Yes, active exploitation of this vulnerability has been observed in the wild.
Update: CVE-2025-2945 – pgAdmin Security Advisory
Description: CVE-2025-2945 is a critical remote code execution vulnerability in pgAdmin 4, the widely used open-source administration and management tool for PostgreSQL. All releases before 9.2 are affected. The fix shipped in 9.2 covers the Query Tool and Cloud Deployment modules, where values taken from HTTP request parameters were passed to Python's eval() instead of being parsed explicitly. Any authenticated user, even one with low privileges, who can reach those endpoints can therefore run arbitrary Python, and through it arbitrary operating-system commands, with the privileges of the pgAdmin server process, which can lead to full compromise of the host.
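To make the failure mode concrete, the following is an added illustration written for this page, not pgAdmin's own code: a request field that the UI only ever sends as a boolean literal is turned into a value by eval() in the vulnerable form, and by an explicit allowlist in the hardened form. The field name, the sample request bodies and the hypothetical handle_deploy() handler are assumptions of this example.

```python
"""
Constructed example (not pgAdmin source): evaluating a request parameter
with eval() versus parsing it against an explicit allowlist.
"""

# Form-encoded POST bodies, constructed for this example. A legitimate client
# sends a boolean literal; an attacker controls exactly the same field.
BENIGN_REQUEST = {"high_availability": "True"}
HOSTILE_REQUEST = {"high_availability": "__import__('os').getpid()"}


def parse_flag_unsafe(raw: str):
    """The vulnerable pattern: the string is handed to the Python interpreter.

    Whatever the caller sends is executed with the privileges of the server
    process, so any authenticated user who can reach the endpoint gets code
    execution. Deliberately vulnerable; kept for contrast only.
    """
    return eval(raw)  # noqa: S307


# Hardened form: the only tokens the UI is allowed to send, mapped explicitly.
_FLAG_VALUES = {"true": True, "false": False, "1": True, "0": False}


def parse_flag_safe(raw: str) -> bool:
    """Accept only known boolean tokens; anything else is rejected outright."""
    try:
        return _FLAG_VALUES[raw.strip().lower()]
    except KeyError:
        raise ValueError(f"invalid boolean flag: {raw!r}") from None


def handle_deploy(request: dict, parser) -> dict:
    """Hypothetical request handler; `parser` is one of the two functions above."""
    flag = parser(request.get("high_availability", "false"))
    return {"high_availability": flag}


if __name__ == "__main__":
    print(handle_deploy(BENIGN_REQUEST, parse_flag_unsafe))
    # The hostile value is executed, not rejected: the handler returns the
    # server's PID, showing that arbitrary Python ran inside the process.
    print(handle_deploy(HOSTILE_REQUEST, parse_flag_unsafe))
    print(handle_deploy(BENIGN_REQUEST, parse_flag_safe))
    try:
        handle_deploy(HOSTILE_REQUEST, parse_flag_safe)
    except ValueError as exc:
        print("rejected:", exc)
```

The point to take from the contrast is that the safe parser never interprets the input; it only compares it against a fixed set of strings, so there is no syntax an attacker can reach for.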
Mitigation Recommendation: Organizations running pgAdmin 4 should upgrade to version 9.2 or later without delay; earlier releases contain no fix. Until the upgrade is applied, do not expose pgAdmin to the internet, restrict access to trusted networks or a VPN, and monitor the instance for unexpected requests and for child processes spawned by the pgAdmin server. Because the flaw requires only an authenticated account, every pgAdmin login (shared and service accounts included) should be treated as able to reach code execution: review the user list, remove accounts that are no longer needed, and rotate credentials if exposure is suspected.
Note: Given the active exploitation of this vulnerability and its critical nature, immediate action is essential to protect affected systems from potential compromise.