CVE-2025-2945 in pgAdmin 4
요약
\~에 의해 MITRE • 2025. 04. 03.
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).
The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.
This issue affects pgAdmin 4: before 9.2.
If you want to get best quality of vulnerability data, you may have to visit VulDB.