CVE-2025-9636Origin Validation Error in Pgadmin 4

CWE-346Origin Validation Error4 documents4 sources
Severity
7.9HIGHNVD
EPSS
0.0%
top 93.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pgadmin.org Pgadmin 4Pgadmin 4
Timeline
PublishedSep 4
Latest updateSep 5

Description

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:LExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

CVEListV5pgadmin.org/pgadmin_4< 9.8

🔴Vulnerability Details

3
GHSA
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability2025-09-05
OSV
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability2025-09-05
CVEList
Cross-Origin Opener Policy Vulnerability in pgAdmin 42025-09-04
CVE-2025-9636 — Origin Validation Error in Pgadmin 4 | cvebase