Forwarded from the National Information Security Information Sharing and Analysis Center, Security Alert NISAC-200-202601-00000012.
Researchers have discovered a code injection vulnerability (CVE-2025-13780) in pgAdmin, the graphical interface tool for PostgreSQL. When pgAdmin runs in Server Mode, a remote attacker with standard permissions can upload a specially crafted malicious backup file. When the restore function for PLAIN format backup files is then triggered, the system parses the malicious backup file, leading to arbitrary code execution on the pgAdmin host. Please verify and patch as soon as possible.