ID:11969 - Exploit for Code Injection in pgAdmin - CVE-2025-2945

 

Published: September 19, 2025


Vulnerability identifier: #VU107018
Vulnerability risk: Medium
CVE-ID: CVE-2025-2945
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
pgAdmin

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to execute arbitrary Python code on the system.

The vulnerability exists due to the use of an insecure eval() expression in the Query Tool and Cloud Deployment features, in the web/pgadmin/tools/sqleditor/__init__.py and web/pgacloud/providers/google.py files. A remote user can send a specially crafted HTTP POST request and execute arbitrary Python code on the server.
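
An added example, not pgAdmin's code and not part of this advisory: a small Python audit that flags eval()/exec() calls whose argument is not a constant literal, which is the pattern described above. The handler in SAMPLE and every name in it are constructed for illustration.

```python
import ast
import sys

DANGEROUS = {"eval", "exec"}

# Constructed sample (hypothetical handler and field name, not pgAdmin source).
SAMPLE = '''
def download(request):
    flag = eval(request.form["some_flag"])   # value comes from the POST body
    limit = eval("1 + 1")                    # constant argument
    return flag, limit
'''


def find_dynamic_eval(source, filename="<constructed>"):
    """Return sorted (line, function, argument source) tuples for eval/exec
    calls whose first argument is not a constant literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        # Only direct calls by bare name (eval(...), exec(...)) are matched.
        name = node.func.id if isinstance(node.func, ast.Name) else None
        if name not in DANGEROUS:
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Constant):
            continue  # a literal cannot carry request data
        findings.append((node.lineno, name, ast.unparse(arg)))
    return sorted(findings)


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the files given.
    if len(sys.argv) == 1:
        for line, name, arg in find_dynamic_eval(SAMPLE):
            print(f"<constructed>:{line}: {name}({arg})")
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for line, name, arg in find_dynamic_eval(fh.read(), path):
                print(f"{path}:{line}: {name}({arg})")
```

A finding means only that the call evaluates a non-literal expression and needs review; whether that expression is reachable from request data still has to be traced by hand.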


Remediation

Install updates from the vendor's website.