CVE-2025-9636
Published 2025-09-04
Priority P3 · 44 · high · 7.9 CVSS 3.1
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
EPSS: 0.21% (11.6th percentile)
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin.org | pgadmin_4 | < 9.8 | 9.8 |
| pgadmin | pgadmin_4 | <= 9.7 | — |
GHSA
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
ghsa·2025-09-05
CVE-2025-9636 [HIGH] CWE-346 pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
OSV
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
osv·2025-09-05
CVE-2025-9636 [HIGH] pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published