pgAdmin Security Update Advisory
Overview
We have released a security update to address vulnerabilities in pgAdmin 4. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2025-2945, CVE-2025-2946
pgAdmin 4 versions: 9.1 and earlier
Resolved Vulnerabilities
Vulnerability allowing remote code execution due to insecurely passed parameters (CVE-2025-2945)
Cross-site scripting vulnerability via arbitrary HTML/JavaScript (CVE-2025-2946)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-2945, CVE-2025-2946
pgAdmin 4 version: 9.2
References
[1] Remote Code Execution Vulnerability with Query Tool and Cloud Deployment (CVE-2025-2945)
https://github.com/pgadmin-org/pgadmin4/issues/8603
[2] XSS Vulnerability in Query tool and View/Edit Data executing HTML/Javascript code on rendering of result grid. (CVE-2025-2946)
https://github.com/pgadmin-org/pgadmin4/issues/8602