Cyber Posture

CVE-2025-12762

Critical · RCE

Published: 13 November 2025
Modified: 01 December 2025
KEV Added: not listed
Patch: see the pgAdmin issue tracker link under Deeper analysis
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
EPSS Score: 0.0017 (38.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-12762 is a critical-severity Code Injection (CWE-94) vulnerability in pgAdmin 4. Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 38.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5): AI-generated

Prevent: SI-2 (Flaw Remediation) requires timely identification, reporting, and correction of flaws. Applied here, it means upgrading to a pgAdmin release that fixes the insecure restore code path.

Prevent: SI-10 (Information Input Validation) enforces validation of inputs at system entry points. For this flaw, that means validating every value pgAdmin passes into the restore command when it processes PLAIN-format dump files, so that no attacker-controlled string reaches a shell.

Prevent: CM-7 (Least Functionality) restricts or prohibits features that are not needed. Disabling PLAIN-format restores in pgAdmin server mode removes the vulnerable code path from the attack surface entirely.
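The SI-10 and CM-7 controls above describe what a safe restore invocation must do. The block below is an added example written for this page, not pgAdmin's own code: it shows the vulnerable pattern (untrusted values interpolated into a shell command line, the CWE-94 / command-injection shape described on this page) beside a hardened builder that gates the feature in server mode, allowlists the file and database names, confines the dump file to a per-user storage root, and hands psql an argv list with no shell. The function names, the storage-root layout, the ALLOW_PLAIN_RESTORE_IN_SERVER_MODE switch and the injection strings are all hypothetical or constructed.

```python
# Added example for this page: illustrative vulnerable and hardened builders
# for a psql-based PLAIN-format restore. This is NOT pgAdmin's code; the
# function names, the storage-root layout and the feature switch are
# hypothetical, and the injection strings used below are constructed.
import re
import subprocess
from pathlib import Path
from typing import List

# Hypothetical CM-7 "least functionality" switch: a deployment that never
# needs PLAIN restores in server mode leaves the feature off entirely.
ALLOW_PLAIN_RESTORE_IN_SERVER_MODE = False

# SI-10 allowlists: a dump file name and a database name are identifiers,
# not free text, so anything outside these character sets is rejected.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
SAFE_DBNAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_restore_command_unsafe(dump_path: str, dbname: str) -> str:
    """Vulnerable pattern (CWE-94 / command injection): untrusted values are
    interpolated into one string intended for subprocess.run(..., shell=True).
    A ';' or '$(...)' in either value becomes shell syntax on the host."""
    return f"psql --dbname={dbname} --file={dump_path}"


def build_restore_command_safe(dump_path: str, dbname: str,
                               storage_root: str, server_mode: bool) -> List[str]:
    """Hardened builder: CM-7 gate, SI-10 validation, argv list (no shell)."""
    # CM-7: refuse the feature where policy says it is not needed.
    if server_mode and not ALLOW_PLAIN_RESTORE_IN_SERVER_MODE:
        raise PermissionError("PLAIN-format restore is disabled in server mode")

    # SI-10: the database name must be a plain identifier.
    if not SAFE_DBNAME.fullmatch(dbname):
        raise ValueError(f"rejected database name: {dbname!r}")

    # SI-10: file name allowlist, then confinement to the caller's storage root.
    # Absolute paths and '..' components are caught by the containment check:
    # Path('/root') / '/etc/x' yields '/etc/x', which resolves outside root.
    name = Path(dump_path).name
    if not SAFE_FILENAME.fullmatch(name):
        raise ValueError(f"rejected dump file name: {name!r}")
    root = Path(storage_root).resolve()
    target = (root / dump_path).resolve()
    if root not in target.parents:
        raise ValueError(f"dump file escapes storage root: {dump_path!r}")

    # Each value is exactly one argv element; psql receives it verbatim and
    # no shell ever parses it.
    return ["psql", f"--dbname={dbname}", f"--file={target}"]


def run_restore(argv: List[str]) -> int:
    """Execute the hardened argv without a shell and return psql's exit code."""
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    # Constructed attacker-controlled inputs.
    print(build_restore_command_unsafe("backup.sql; id", "app"))
    try:
        build_restore_command_safe("backup.sql; id", "app",
                                   "/srv/pgadmin/storage/alice", server_mode=False)
    except ValueError as exc:
        print("rejected:", exc)
    print(build_restore_command_safe("backup.sql", "app",
                                     "/srv/pgadmin/storage/alice", server_mode=False))
```

The two layers of file checks are deliberate: the name allowlist blocks metacharacters and the containment check blocks traversal, and neither alone covers both. Even with argv-list execution, the containment check still matters because `--file=` would otherwise let an authenticated user feed any host-readable file to psql.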

MITRE ATT&CK Enterprise Techniques: AI-generated

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-12762 enables remote code execution via command injection in pgAdmin server mode during restore operations from malicious PLAIN dump files. Because pgAdmin in server mode is a network-accessible web-based management application, this maps directly to T1190 (Exploit Public-Facing Application). Note that the vector requires low privileges (PR:L): the attacker needs an authenticated pgAdmin session able to start a restore, so the technique applies to exposed instances where such credentials can be obtained rather than to unauthenticated access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

Deeper analysis: AI-generated

CVE-2025-12762 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin versions up to and including 9.9. The flaw occurs when pgAdmin is running in server mode and performing restores from PLAIN-format dump files, enabling attackers to inject and execute arbitrary commands on the server hosting pgAdmin. This poses a critical risk to the integrity and security of the database management system and underlying data. The CVSS v3.1 base score is 9.1 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L) and the weakness is classified as CWE-94 (code injection).

The vulnerability can be exploited remotely over the network with low attack complexity and no user interaction. It requires low privileges (PR:L), i.e. an authenticated pgAdmin user able to trigger a restore operation. The scope is rated Changed (S:C) because the injected commands run on the pgAdmin host operating system rather than staying within pgAdmin's own authorization boundary; against that host the vector rates confidentiality impact High and integrity and availability impacts Low. In practice, successful exploitation means arbitrary command execution on the pgAdmin host under the account running the pgAdmin service.
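The two exposure conditions above (an affected version and server mode) are what a triage script needs to check across a fleet. The helper below is an added example written for this page, not a pgAdmin tool. It assumes the affected range stated in the NVD description (pgAdmin 4 up to and including 9.9) and pgAdmin's SERVER_MODE configuration flag; the sample config text is constructed. It also shows the version-comparison gotcha that matters here: compared as strings, "9.10" sorts below "9.9", so a naive check would flag the fixed release as vulnerable.

```python
# Added triage helper for this page, not a pgAdmin tool. It assumes the
# affected range from the NVD description (pgAdmin 4 up to and including
# 9.9) and pgAdmin's SERVER_MODE configuration flag; the sample config text
# below is constructed. Any 9.9.x patch level is treated as affected, the
# conservative reading of "up to 9.9".
import re
from typing import Optional, Tuple

AFFECTED_MAX_MINOR = (9, 9)  # inclusive, per the NVD description

_VERSION_RE = re.compile(r"v?(\d+(?:\.\d+)*)")
_SERVER_MODE_RE = re.compile(r"^\s*SERVER_MODE\s*=\s*(True|False)\b", re.MULTILINE)


def parse_version(version: str) -> Tuple[int, ...]:
    """'9.10' -> (9, 10). Comparing as strings would rank '9.10' below '9.9'
    and mark a fixed release as vulnerable, so compare numeric tuples."""
    match = _VERSION_RE.fullmatch(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected_version(version: str) -> bool:
    """True when major.minor is at or below the NVD upper bound."""
    parts = parse_version(version)
    major_minor = (parts + (0, 0))[:2]  # pad a bare '9' to (9, 0)
    return major_minor <= AFFECTED_MAX_MINOR


def server_mode_from_config(config_text: str) -> Optional[bool]:
    """Return the effective SERVER_MODE from pgAdmin-style config text
    (config.py followed by config_local.py). The last assignment wins,
    mirroring how a later override file replaces an earlier default;
    None when the flag is never set explicitly."""
    value = None
    for match in _SERVER_MODE_RE.finditer(config_text):
        value = match.group(1) == "True"
    return value


def exposure(version: str, config_text: str) -> str:
    """Classify one install. An affected version whose mode cannot be
    determined is reported as unknown rather than safe: fail closed."""
    if not is_affected_version(version):
        return "not-affected"
    mode = server_mode_from_config(config_text)
    if mode is False:
        return "affected-version-desktop-mode"
    if mode is None:
        return "affected-version-mode-unknown"
    return "exposed"


# Constructed sample: a default file setting server mode on, followed by a
# local override. Not taken from any real deployment.
SAMPLE_CONFIG = """\
# config.py (constructed)
SERVER_MODE = True
DATA_DIR = '/var/lib/pgadmin'
"""
SAMPLE_LOCAL_OVERRIDE = SAMPLE_CONFIG + "\n# config_local.py (constructed)\nSERVER_MODE = False\n"

if __name__ == "__main__":
    for ver in ("9.9", "9.10", "8.14"):
        print(ver, exposure(ver, SAMPLE_CONFIG), exposure(ver, SAMPLE_LOCAL_OVERRIDE))
```

Feed `exposure` the version shown in pgAdmin's About dialog and the concatenated contents of the config files in the order pgAdmin loads them; "affected-version-desktop-mode" still warrants patching, since the version carries the flaw even if the server-mode trigger condition is not met.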

Mitigation details and further advisories are available in the pgAdmin GitHub issue tracker at https://github.com/pgadmin-org/pgadmin4/issues/9320.

Details

CWE(s)

CWE-94 Improper Control of Generation of Code ('Code Injection')

Affected Products

pgadmin / pgadmin 4: ≤ 9.10 (listed range; the NVD description on this page states versions up to 9.9 are affected, so confirm the fixed release against the upstream issue before relying on either bound)

CVEs Like This One

CVE-2025-13780 (same product: pgAdmin 4)
CVE-2026-1707 (same product: pgAdmin 4)
CVE-2025-23209 (shared CWE-94)
CVE-2026-39440 (shared CWE-94)
CVE-2026-3300 (shared CWE-94)
CVE-2025-6389 (shared CWE-94)
CVE-2025-8723 (shared CWE-94)
CVE-2025-34277 (shared CWE-94)
CVE-2025-57141 (shared CWE-94)
CVE-2024-48818 (shared CWE-94)

References

pgAdmin issue tracker: https://github.com/pgadmin-org/pgadmin4/issues/9320