CVE-2025-2945

CRITICAL LAB

pgAdmin Query Tool authenticated RCE (CVE-2025-2945)

Title source: metasploit

Exploitation Summary

EIP tracks 7 public exploits for CVE-2025-2945. PoCs published by Cycloctane, abrewer251, ExtremeUday, including Metasploit module exploits/multi/http/pgadmin_query_tool_authenticated.

AI-analyzed exploit summary This is a Python-based exploit for CVE-2025-2945, an authenticated RCE vulnerability in pgAdmin4 versions 8.10 to 9.1. It leverages the query tool functionality to execute arbitrary Python code on the target system.

Description

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.

Exploits (7)

nomisec WORKING POC 6 stars

by Cycloctane · poc

https://github.com/Cycloctane/cve-2025-2945-poc

View Code ZIP pw:eip

This is a Python-based exploit for CVE-2025-2945, an authenticated RCE vulnerability in pgAdmin4 versions 8.10 to 9.1. It leverages the query tool functionality to execute arbitrary Python code on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pgAdmin4 versions 8.10 to 9.1

Auth required

Prerequisites: Valid pgAdmin4 credentials · Access to a database with valid credentials · Network access to the target pgAdmin4 instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 3 stars

by abrewer251 · poc

https://github.com/abrewer251/CVE-2025-2945_PgAdmin_PoC

View Code ZIP pw:eip

This repository contains a Python-based proof-of-concept exploit for CVE-2025-2945, a critical remote code execution vulnerability in pgAdmin 4 versions 8.10 through 9.1. The exploit authenticates to pgAdmin, initializes the Query Tool, and leverages an unsafe `eval()` call to achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pgAdmin 4 versions 8.10 to 9.1

Auth required

Prerequisites: Valid pgAdmin credentials · Network access to the target pgAdmin instance · Python 3.7+ with `requests` and `faker` libraries

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by ExtremeUday · poc

https://github.com/ExtremeUday/CVE-2025-2945-pgAdmin4-Authenticated-RCE-PoC-

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2025-2945, an authenticated remote code execution vulnerability in pgAdmin4 versions 8.10 to 9.1. The exploit abuses the SQL Editor initialization flow to execute arbitrary commands via a reverse shell payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pgAdmin4 (8.10 to 9.1)

Auth required

Prerequisites: Valid pgAdmin4 credentials · Access to the SQL Editor · Valid database credentials · Network access to the target pgAdmin4 instance

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by plur1bu5 · poc

https://github.com/plur1bu5/CVE-2025-2945-pgadmin-rce

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-2945, an authenticated RCE vulnerability in pgAdmin 4 versions 8.10 through 9.1. The exploit leverages an unsafe `eval()` call on the `query_commited` parameter in the `/sqleditor/query_tool/download/<trans_id>` endpoint, allowing arbitrary Python code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pgAdmin 4 (versions 8.10 to 9.1)

Auth required

Prerequisites: Valid pgAdmin credentials · Valid database credentials for a registered server · Access to the target pgAdmin instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 17, 2026 Full analysis →

nomisec WORKING POC

by I3r1h0n · poc

https://github.com/I3r1h0n/pgAdminOpendoor

View Code ZIP pw:eip

This repository contains a working exploit for CVE-2025-2945, which leverages unsafe `eval()` usage in pgAdmin's `/sqleditor/query_tool/download` and `/cloud/deploy` endpoints to achieve remote code execution (RCE). The exploit authenticates to pgAdmin, identifies a valid server ID, and injects a payload via the `query_commited` parameter to execute arbitrary Python code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pgAdmin4 (version not specified, but likely recent versions prior to patch)

Auth required

Prerequisites: Valid pgAdmin credentials · Access to pgAdmin web interface · Database connection details

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC

by manus-use · postscriptpoc

https://github.com/manus-use/cve-pocs/tree/main/pgadmin4-CVE-2025-2945

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2025-32433, an Erlang OTP SSH vulnerability, demonstrating pre-authentication remote command execution via crafted SSH packets. The PoC includes a Dockerized vulnerable environment and a Python script to trigger the exploit.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Erlang OTP SSH (OTP-22.3.4.17)

No auth needed

Prerequisites: network access to target SSH port · vulnerable Erlang OTP version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by pyozzi-toss, jheysel-r7 · rubypocpython

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/pgadmin_query_tool_authenticated.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated RCE vulnerability in pgAdmin (CVE-2025-2945) by leveraging a Python eval() statement in the query_commited parameter. It requires valid pgAdmin and database credentials to initialize a session and obtain a transaction ID.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pgAdmin versions prior to 9.2

Auth required

Prerequisites: Valid pgAdmin credentials · Valid database credentials · Access to the query tool component

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking issue-tracking

https://github.com/pgadmin-org/pgadmin4/issues/8603

Scores

CVSS v3 9.9

EPSS 0.8249

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Lab Environment

COMMUNITY

Community Lab

docker pull dpage/pgadmin4:9.1

https://github.com/abrewer251/CVE-2025-2945_PgAdmin_PoC

https://github.com/Cycloctane/cve-2025-2945-poc

https://github.com/I3r1h0n/pgAdminOpendoor

+4 more repos

View in Library

Details

CWE

CWE-94

Status published

Products (2)

pgadmin/pgadmin_4 < 9.2

pypi/pgadmin4 0 - 9.2PyPI

Published Apr 03, 2025

Tracked Since Feb 18, 2026