CVE-2025-2945

This is a Python-based exploit for CVE-2025-2945, an authenticated RCE vulnerability in pgAdmin4 versions 8.10 to 9.1. It leverages the query tool functionality to execute arbitrary Python code on the target system.

This repository contains a Python-based proof-of-concept exploit for CVE-2025-2945, a critical remote code execution vulnerability in pgAdmin 4 versions 8.10 through 9.1. The exploit authenticates to pgAdmin, initializes the Query Tool, and leverages an unsafe `eval()` call to achieve arbitrary code execution.

This repository contains a functional proof-of-concept exploit for CVE-2025-2945, an authenticated remote code execution vulnerability in pgAdmin4 versions 8.10 to 9.1. The exploit abuses the SQL Editor initialization flow to execute arbitrary commands via a reverse shell payload.

This repository contains functional exploit code for CVE-2025-32433, an Erlang OTP SSH vulnerability, demonstrating pre-authentication remote command execution via crafted SSH packets. The PoC includes a Dockerized vulnerable environment and a Python script to trigger the exploit.

This repository contains a working exploit for CVE-2025-2945, which leverages unsafe `eval()` usage in pgAdmin's `/sqleditor/query_tool/download` and `/cloud/deploy` endpoints to achieve remote code execution (RCE). The exploit authenticates to pgAdmin, identifies a valid server ID, and injects a payload via the `query_commited` parameter to execute arbitrary Python code.

This Metasploit module exploits an authenticated RCE vulnerability in pgAdmin (CVE-2025-2945) by leveraging a Python eval() statement in the query_commited parameter. It requires valid pgAdmin and database credentials to initialize a session and obtain a transaction ID.