Cyber Resilience

CVE-2022-4223

Severity: High · RCE

Published: 13 December 2022
Modified: 14 April 2025
KEV Added: (not listed)
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.8701 (99.5th percentile)
Risk Priority: 70 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-4223 is a high-severity Code Injection (CWE-94) vulnerability in pgAdmin 4. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability affects the pgAdmin server in versions prior to 6.17. An HTTP API intended only for validating paths to external PostgreSQL utilities such as pg_dump and pg_restore was insufficiently secured. The server invokes the named utility to identify its PostgreSQL version, but the API accepted arbitrary paths supplied by callers, including UNC paths pointing to attacker-controlled locations on Windows systems.

An unauthenticated remote attacker can invoke the API with a malicious path containing an appropriately named executable. Successful exploitation results in the pgAdmin server executing attacker-supplied code, yielding remote code execution with the privileges of the pgAdmin process. The issue is tracked under CWE-94 and CWE-862 and carries a CVSS 3.1 base score of 8.8.

Public references, including the pgAdmin GitHub issue tracker and Fedora package-announce lists, document the flaw and point to the availability of patched builds beginning with version 6.17. The current EPSS score of 0.8701 (peak 0.8898) indicates sustained exploitation interest after disclosure.


Vulnerability details

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.
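The path check described in the analysis and vulnerability details above, as an added example that is not pgAdmin's own code: a hardened validator that accepts a caller-supplied utility path only if it is absolute, is not a UNC or network path, names an allowlisted utility, and sits in an administrator-configured bin directory, with the binary launched only after that check and only for an authenticated caller. The configuration values, function names and the injectable `run` parameter are assumptions made for this example.

```python
# Added example, not pgAdmin's code: hardened validation of a caller-supplied
# path to an external PostgreSQL utility. Configuration values are constructed.
import subprocess
from pathlib import PurePosixPath, PureWindowsPath

ALLOWED_UTILITIES = frozenset({"pg_dump", "pg_dumpall", "pg_restore", "psql"})
CONFIGURED_BIN_DIRS = (  # hypothetical; a real server loads these from settings
    r"C:\Program Files\PostgreSQL\15\bin",
    "/usr/lib/postgresql/15/bin",
)


def _as_pure(path):
    """Parse as a Windows path (drive letter or backslash) or a POSIX path."""
    if "\\" in path or (len(path) > 1 and path[1] == ":"):
        return PureWindowsPath(path)
    return PurePosixPath(path)


def validate_utility_path(path):
    """Return (ok, reason); only a path with ok=True may ever be executed."""
    # Reject UNC (\\host\share) and //host/share forms before any parsing: this
    # is the shape the advisory describes for pointing the server at a remote share.
    if path.startswith(("\\\\", "//")):
        return False, "network (UNC) paths are not allowed"
    p = _as_pure(path)
    if not p.is_absolute():
        return False, "path must be absolute"
    if p.suffix.lower() not in ("", ".exe"):
        return False, "unexpected file extension"
    if p.stem.lower() not in ALLOWED_UTILITIES:
        return False, "not a known PostgreSQL utility"
    # The parent must equal a configured directory exactly, so '..' segments,
    # extra subdirectories and user-writable locations all fail here.
    if not any(_as_pure(d) == p.parent for d in CONFIGURED_BIN_DIRS):
        return False, "utility is not inside a configured bin directory"
    return True, "ok"


def utility_version(path, authenticated, run=subprocess.run):
    """Run '<utility> --version' only for a logged-in caller and a valid path.
    `run` is injectable so the gate can be tested without real binaries."""
    if not authenticated:  # the route itself must sit behind login (CWE-862)
        raise PermissionError("login required")
    ok, reason = validate_utility_path(path)
    if not ok:  # nothing is executed for a rejected path (CWE-94)
        raise ValueError(reason)
    result = run([path, "--version"], capture_output=True, text=True, timeout=10)
    return result.stdout.strip()
```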


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- pgadmin: pgadmin 4 (≤ 6.17)
- fedoraproject: fedora 37

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- (addresses CWE-862) Requiring an access control policy ensures authorization checks are defined and applied for critical functions.
- (addresses CWE-862) Reviews of access controls detect missing authorization checks on critical functions or resources.
- (addresses CWE-862) Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.
- (addresses CWE-862) Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.
- (addresses CWE-862) Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.
- (addresses CWE-862) Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.
- (addresses CWE-862) The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.
- (addresses CWE-862) Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.
