Cybersecurity alert for pgAdmin4 authentication bypass vulnerability

A high-severity security flaw (CVE-2025-9636) has been discovered in pgAdmin4, the popular open-source PostgreSQL management tool, affecting all versions up to 9.7. The vulnerability stems from a Cross-Origin Opener Policy (COOP) weakness that attackers can exploit during the authentication and OAuth process to bypass browser protections. This enables unauthorized users to hijack sessions, gain account access, and potentially take full control of pgAdmin accounts.


Successful exploitation could lead to sensitive data exposure, privilege escalation, and compromise of critical database infrastructure. Given pgAdmin’s central role in managing PostgreSQL environments, the impact on confidentiality and integrity is severe.


The pgAdmin development team has promptly addressed the issue by releasing version 9.8 with the necessary security patches. Users and organizations are strongly advised to upgrade immediately. Additionally, administrators should audit access logs, review active sessions, and rotate credentials to mitigate any risks from prior unauthorized access.
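As an added example (not code from the advisory or from the pgAdmin project), the following script turns the two facts above into a quick defender-side check: whether a deployed pgAdmin version still falls in the affected range (9.7 and below, fixed in 9.8), and whether the login response already carries a restrictive Cross-Origin-Opener-Policy header. The HTTP response it parses is constructed sample data; the comparison is done on numeric version tuples so that "9.10" is correctly treated as newer than "9.8", which a plain string comparison would get wrong.

```python
"""Added example: pgAdmin CVE-2025-9636 exposure check.
Not part of the advisory or the pgAdmin project; the HTTP response below
is constructed sample data, and FIXED_VERSION comes from the advisory text."""
from typing import Dict, Tuple

# Advisory: all versions up to 9.7 are affected; 9.8 ships the fix.
FIXED_VERSION: Tuple[int, ...] = (9, 8)

# COOP values that do NOT isolate the login window from a cross-origin opener.
WEAK_COOP = {"", "unsafe-none"}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.7', '9.8.1' or '9.10' into a tuple of ints for correct ordering."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version: str) -> bool:
    """True when the reported pgAdmin version is below the fixed release."""
    return parse_version(version) < FIXED_VERSION


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Build a lowercase header map from a raw HTTP response header block."""
    headers: Dict[str, str] = {}
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def coop_is_restrictive(headers: Dict[str, str]) -> bool:
    """True when Cross-Origin-Opener-Policy is set to something other than
    the browser default (missing or 'unsafe-none' both count as weak)."""
    value = headers.get("cross-origin-opener-policy", "")
    value = value.split(";")[0].strip().lower()  # drop any report-to params
    return value not in WEAK_COOP


def assess(version: str, raw_response: str) -> Dict[str, bool]:
    """Combine both checks into one result an administrator can act on."""
    headers = parse_headers(raw_response)
    return {
        "version_affected": is_affected(version),
        "coop_restrictive": coop_is_restrictive(headers),
        "needs_action": is_affected(version) or not coop_is_restrictive(headers),
    }


# Constructed sample: a login response with no COOP header at all.
SAMPLE_RESPONSE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: pga4_session=EXAMPLE; HttpOnly; Path=/\r\n"
    "\r\n"
)

# Constructed sample: the same response with a restrictive COOP header.
SAMPLE_RESPONSE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cross-Origin-Opener-Policy: same-origin\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(assess("9.7", SAMPLE_RESPONSE_WEAK))
    print(assess("9.8", SAMPLE_RESPONSE_HARDENED))
```

Run against a real deployment, the version string would come from the pgAdmin "About" dialog or package manager and the header block from a request to the login page; the script itself never touches the network. A weak COOP result on a patched version is still worth a look, since the header is something a reverse proxy in front of pgAdmin can strip or override.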

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security