CVE-2025-9636
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
CVSS 3.1: 7.9 (HIGH)
EPSS: 0.04%
Description
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.
How to fix CVE-2025-9636
To remediate CVE-2025-9636, upgrade the affected package to a fixed version below.
- Upgrade to 9.8 or later
Is CVE-2025-9636 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 9.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L |