【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in the PostgreSQL Graphical Management Tool pgAdmin (CVE-2025-13780). Please promptly verify and apply the necessary fixes.
publish date :
2026-01-12
update date :
2026-01-12
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026010508014343 | Publication Time | 2026/01/05 08:58 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/01/05 08:58 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in the PostgreSQL Graphical Management Tool pgAdmin (CVE-2025-13780). Please promptly verify and apply the necessary fixes. |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202601-00000012 Researchers have discovered a Code Injection vulnerability (CVE-2025-13780) in the PostgreSQL graphical management tool pgAdmin. When the system is operating in Server Mode, a remote attacker with general privileges can upload a specially crafted malicious backup file. Subsequently, when the PLAIN format backup restore function is triggered, the system parses the crafted backup file, thereby executing arbitrary code on the pgAdmin host. Please promptly verify and apply the necessary fixes. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] pgAdmin versions 9.10 and earlier |
|||
| [Recommended Actions] Update pgAdmin to version 9.11 or later. |
|||
|
[Reference] 2. https://www.endorlabs.com/learn/when-regex-isnt-enough-how-we-discovered-cve-2025-13780-in-pgadmin |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center