Warning: Remote Code Execution in PostgreSQL, Patch Immediately!

Published: 14/11/2025
  • Last update: 14/11/2025
  • Affected software:
    → pgAdmin <= 9.9
  • Type: Remote Code Execution
  • CVE/CVSS
    → CVE-2025-12762: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
    → CVE-2025-12764: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2025-12765: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Sources

https://github.com/pgadmin-org/pgadmin4/issues/9320
https://github.com/pgadmin-org/pgadmin4/issues/9324
https://github.com/pgadmin-org/pgadmin4/issues/9325

Risks

Newly discovered vulnerabilities in pgAdmin, the administration tool for PostgreSQL, allow attackers to remotely execute code, potentially exposing sensitive company data and disrupting operations.

pgAdmin is a widely used administration and management platform for PostgreSQL databases, providing organizations with powerful capabilities to configure, monitor, and maintain database environments across development and production ecosystems.

If exploited, these flaws could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical business systems.

Description

A series of critical vulnerabilities (CVE-2025-12764, CVE-2025-12765, and CVE-2025-12762) has been identified in pgAdmin versions up to and including 9.9. These flaws span multiple attack vectors, including LDAP injection, TLS certificate verification bypass, and remote code execution. Together, they introduce significant risks that can compromise authentication integrity, expose sensitive systems, and allow attackers to execute arbitrary commands on servers running pgAdmin.

In affected versions, CVE-2025-12764 enables attackers to inject special LDAP characters into the username during authentication, causing the LDAP or domain controller to process unusually large amounts of data, ultimately leading to denial-of-service conditions.

CVE-2025-12765 compromises the security of the LDAP authentication mechanism by allowing attackers to bypass TLS certificate verification, undermining the integrity of the encrypted communication.

Most critically, CVE-2025-12762 exposes systems running pgAdmin in server mode to remote code execution when restoring PLAIN-format dump files, enabling attackers to inject and run arbitrary commands on the underlying host.
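As an added defensive illustration of the two LDAP-side weaknesses described above (CVE-2025-12764 and CVE-2025-12765), the following Python is example code, not pgAdmin's own code and not the fix from the referenced issues: it escapes user-supplied values before they are placed in an LDAP search filter (RFC 4515) so wildcards and parentheses cannot widen the query, and builds a TLS context that actually verifies the directory server's certificate. Function names and the `uid` attribute are assumptions.

```python
import ssl
from typing import Optional

# RFC 4515: these characters carry meaning inside an LDAP search filter and
# must be encoded as a backslash followed by two hex digits.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value for safe use inside an LDAP filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, attr: str = "uid", max_len: int = 64) -> str:
    """Build a filter that matches one literal username.

    Length and control-character checks run before the value reaches the
    directory; escaping then turns any remaining filter syntax into literals,
    so a wildcard in the username cannot make the server enumerate entries.
    """
    if not username or len(username) > max_len:
        raise ValueError("username length out of bounds")
    if any(ord(ch) < 0x20 for ch in username):
        raise ValueError("control characters not allowed in username")
    return f"({attr}={escape_ldap_filter_value(username)})"


def verifying_tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS context for LDAPS/StartTLS that verifies the server certificate.

    create_default_context() already enables verification; the settings are
    repeated explicitly so any later relaxation stands out in code review.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_context_verifies(ctx: ssl.SSLContext) -> bool:
    """True when the context rejects unverified or mis-named certificates."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


if __name__ == "__main__":
    # Constructed sample usernames: one plain, one carrying a wildcard.
    print(build_user_filter("alice"))
    print(build_user_filter("a*"))
    print(tls_context_verifies(verifying_tls_context()))
```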

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable systems with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations scale up monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
