{"uuid": "88872860-0e96-4956-b1a1-d4c5d5aafb07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2945", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10196", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2945\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Remote Code Execution security vulnerability in pgAdmin 4  (Query Tool and Cloud Deployment modules).\n\nThe vulnerability is associated with the 2 POST endpoints;\u00a0/sqleditor/query_tool/download, where the query_commited parameter and\u00a0/cloud/deploy endpoint, where the high_availability parameter is\u00a0unsafely passed to the Python eval() function, allowing arbitrary code execution.\n\n\nThis issue affects pgAdmin 4: before 9.2.\n\ud83d\udccf Published: 2025-04-03T12:23:14.792Z\n\ud83d\udccf Modified: 2025-04-03T12:23:14.792Z\n\ud83d\udd17 References:\n1. https://github.com/pgadmin-org/pgadmin4/issues/8603", "creation_timestamp": "2025-04-03T12:35:05.000000Z"}