[Security Vulnerability Alert] The PostgreSQL graphical interface tool pgAdmin has a high-risk security vulnerability (CVE-2025-13780). Please confirm and patch it as soon as possible.

2026/1/6 ~ 2026/7/6

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202601-00000012

[Content Description]
Researchers have discovered a code injection vulnerability (CVE-2025-13780) in pgAdmin, the graphical administration tool for PostgreSQL. When pgAdmin is running in server mode, a remote attacker with ordinary user privileges can upload a specially crafted malicious backup file. When the restore function for PLAIN-format backups is then triggered, pgAdmin parses the crafted backup file and arbitrary code is executed on the pgAdmin host. Please confirm whether your deployment is affected and patch this vulnerability as soon as possible.

[Affected Platforms]
pgAdmin versions 9.10 and below

[Recommended Actions]
Update pgAdmin to version 9.11 or above
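As an added triage aid (not part of the advisory and not pgAdmin project code), the following script checks a constructed inventory of pgAdmin deployments against the two conditions the advisory states: version 9.10 or below, and server mode enabled. Hostnames and versions are illustrative; the server_mode flag is assumed to have been collected from each deployment's pgAdmin configuration (the SERVER_MODE setting).

```python
import re

# Fixed version from the advisory: pgAdmin 9.11 and above are patched.
FIXED_VERSION = (9, 11)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a pgAdmin version string such as '9.10' or '9.11.0' into an integer tuple.

    Integer tuples compare numerically; a plain string comparison would wrongly rank
    '9.9' above '9.10' and misclassify a vulnerable deployment as patched.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised pgAdmin version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str, server_mode: bool) -> bool:
    """True when a deployment matches the advisory: 9.10 or below, running in server mode.

    The advisory scopes the issue to server mode, so desktop-mode installs are reported
    as not affected even on an old version (they should still be updated in due course).
    """
    return server_mode and parse_version(version) < FIXED_VERSION


def assess(inventory: list[dict]) -> list[dict]:
    """Annotate each inventory entry with whether it needs the 9.11 update."""
    report = []
    for host in inventory:
        affected = is_affected(host["version"], host["server_mode"])
        action = "update to pgAdmin 9.11 or above" if affected else "none"
        report.append({**host, "affected": affected, "action": action})
    return report


# Constructed sample inventory: hostnames, versions and modes are illustrative only.
SAMPLE_INVENTORY = [
    {"host": "db-admin-01.example.internal", "version": "9.10", "server_mode": True},
    {"host": "db-admin-02.example.internal", "version": "9.11", "server_mode": True},
    {"host": "analyst-laptop", "version": "9.9", "server_mode": False},
    {"host": "db-admin-03.example.internal", "version": "8.14", "server_mode": True},
]

if __name__ == "__main__":
    for row in assess(SAMPLE_INVENTORY):
        print(f"{row['host']:<30} {row['version']:<6} server_mode={row['server_mode']!s:<5} "
              f"affected={row['affected']} action={row['action']}")
```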

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-13780
2. https://www.endorlabs.com/learn/when-regex-isnt-enough-how-we-discovered-cve-2025-13780-in-pgadmin
