CVE-2025-12764LDAP Injection in Pgadmin 4

CWE-90LDAP Injection4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 79.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pgadmin.org Pgadmin 4Pgadmin 4
Timeline
PublishedNov 13

Description

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDpgadmin/pgadmin_4< 9.10
CVEListV5pgadmin.org/pgadmin_4< 9.10

🔴Vulnerability Details

3
CVEList
pgAdmin 4: LDAP injection vulnerability in LDAP authentication flow.2025-11-13
OSV
pgAdmin is affected by an LDAP injection vulnerability2025-11-13
GHSA
pgAdmin is affected by an LDAP injection vulnerability2025-11-13
CVE-2025-12764 — LDAP Injection in Pgadmin 4 | cvebase