CVE-2025-2945
pgAdmin 4 Vulnerable to Remote Code Execution
9.9
CRITICAL
CVSS 3.1
EPSS 82.5%
Description
Remote code execution vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability affects two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter is unsafely passed to the Python eval() function, and /cloud/deploy, where the high_availability parameter is unsafely passed to eval(). In both cases this allows arbitrary code execution. This issue affects pgAdmin 4 versions before 9.2.
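The eval() pattern named in the description, shown beside a strict parser for a boolean-style request parameter. This is an added example, not pgAdmin source code; the function names and the constructed sample inputs are hypothetical.

```python
import ast

# Hypothetical handlers illustrating the pattern; not taken from pgAdmin.

def parse_flag_unsafe(raw):
    """Vulnerable pattern: eval() runs any Python expression in the request."""
    return eval(raw)  # kept deliberately to show the flaw


_TRUE = {"true", "1", "yes"}
_FALSE = {"false", "0", "no"}


def parse_flag_strict(raw):
    """Hardened form: map an allow-list of tokens to a bool, reject the rest."""
    if isinstance(raw, bool):
        return raw
    if not isinstance(raw, str):
        raise ValueError("flag must be a boolean or a string")
    token = raw.strip().lower()
    if token in _TRUE:
        return True
    if token in _FALSE:
        return False
    raise ValueError(f"unexpected flag value: {raw[:40]!r}")


def parse_literal(raw):
    """If a structured value is required, literal_eval accepts literals only."""
    return ast.literal_eval(raw)


def outcome(fn, raw):
    """Return fn(raw), or the exception class name if the input is rejected."""
    try:
        return fn(raw)
    except Exception as exc:
        return type(exc).__name__


# Constructed inputs: two expected values and a harmless expression standing
# in for client-supplied code.
SAMPLES = ["True", "false", "len('abc') + 39"]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{raw!r:20} eval={outcome(parse_flag_unsafe, raw)!r:12} "
              f"strict={outcome(parse_flag_strict, raw)!r:12} "
              f"literal={outcome(parse_literal, raw)!r}")
```

The third sample is evaluated by eval() and rejected by both alternatives, which is the property to look for when auditing request handlers for the same pattern.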
How to fix CVE-2025-2945
To remediate CVE-2025-2945, upgrade the affected package to a fixed version below.
- Upgrade to 9.2 or later
Is CVE-2025-2945 being exploited?
Likely — EPSS is 82.5%, placing CVE-2025-2945 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 9.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |