Critical flaw in pgAdmin 4 allows remote code execution
Take action: If you run pgAdmin 4 in server mode, plan a prompt upgrade to version 9.11 or later. All earlier versions let an attacker execute shell commands on the pgAdmin host through a malicious database restore file. The attacker needs an authenticated pgAdmin account, which keeps this out of the unauthenticated-remote category, but pgAdmin credentials get phished and leaked like any others. So don't ignore this one.
A critical security vulnerability has been reported in pgAdmin 4, the most widely used open-source management tool for PostgreSQL databases.
The flaw, tracked as CVE-2025-13780 (CVSS score 9.1), lets attackers execute arbitrary shell commands on the host server through a filter bypass. The root cause is how pgAdmin 4 validates database restore files. When a user restores a database from a PLAIN-format SQL dump, pgAdmin launches the psql command-line utility to process the file. Because psql supports meta-commands that can run operating-system commands, pgAdmin tried to prevent abuse with a regular expression (regex) filter intended to detect and block dangerous commands such as \!, which runs a shell command.
Researchers from Endor Labs found that this regex-based check was insufficient. The filter only recognised conventional line formatting and did not account for bytes that psql itself skips before it looks for a command: in particular the UTF-8 Byte Order Mark (BOM), and non-standard whitespace such as carriage returns or form feeds.
An attacker exploits this parsing mismatch by crafting a SQL dump in which a dangerous meta-command is preceded by one of these byte sequences. pgAdmin's regex, anchored to ordinary line starts, encounters the BOM or unusual whitespace before the backslash, does not treat it as ignorable, misses the command behind it, and passes the file as safe. When pgAdmin then hands the file to psql with the --file argument, psql discards the BOM and treats the other characters as ordinary whitespace, so the meta-command is recognised and the attacker's payload runs. The result is that an authenticated pgAdmin user who can start a restore can execute arbitrary commands with the privileges of the account running the pgAdmin server, which can lead to full compromise of that host.
The vulnerability affects all pgAdmin 4 versions up to and including 9.10 when operating in server mode.
The pgAdmin development team released version 9.11 on December 10, 2025, which changes the approach to restore operations. Instead of trying to scan files for every possible dangerous pattern with regex filters, the new version uses psql's \restrict meta-command when launching psql for PLAIN-format restores. (\restrict was introduced in the August 2025 PostgreSQL minor releases, so the psql binary pgAdmin invokes must be recent enough to support it.)
In restricted mode psql refuses the hazardous meta-commands, including those that execute shell commands or spawn processes, for the rest of the script. The restriction is lifted only by \unrestrict with the same key that was passed to \restrict, and that key is chosen by whoever launches psql, not by the author of the dump, so a malicious file cannot switch the protection off.
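To make the parsing mismatch and the 9.11-style fix concrete, here is an added Python model written for this page. It is not pgAdmin's or psql's code: the regex is an illustration of a line-anchored deny filter of the kind described, the psql reader is a simplified model of BOM skipping and lexer whitespace, the sample dumps are constructed, and the \restrict wrapper shows the general technique rather than pgAdmin's exact invocation.

```python
import re
import secrets

BOM = "\ufeff"
# Whitespace psql's lexer skips before a token; "\n" is the line terminator
# and is handled separately below.
PSQL_SPACE = " \t\r\f\v"

# Constructed sample dumps (not from the advisory or from pgAdmin).
SAFE_DUMP = "SET client_encoding = 'UTF8';\nCREATE TABLE t (id int);\n"
OBVIOUS_DUMP = "\\! id > /tmp/pwned\nCREATE TABLE t (id int);\n"
BOM_DUMP = BOM + "\\! id > /tmp/pwned\nCREATE TABLE t (id int);\n"
CR_DUMP = "CREATE TABLE t (id int);\n\r\\! id > /tmp/pwned\n"
FF_DUMP = "CREATE TABLE t (id int);\n\f\\! id > /tmp/pwned\n"

# Model of a line-anchored deny filter of the kind the article describes.
# Illustration written for this page, NOT pgAdmin's actual regex: it only
# allows spaces and tabs in front of the backslash, so a BOM, CR or FF there
# hides the meta-command from it.
NAIVE_RE = re.compile(r"^[ \t]*\\!", re.MULTILINE)


def naive_filter_flags(dump: str) -> bool:
    """True if the line-anchored filter considers the dump dangerous."""
    return NAIVE_RE.search(dump) is not None


def psql_would_run(dump: str) -> list[str]:
    """Simplified model of how psql reads a PLAIN script (not psql's code):
    a UTF-8 BOM at the start of input is discarded and lexer whitespace
    before a backslash is ignored, so the hidden meta-command is recognised.
    Returns the \\! lines psql would execute."""
    if dump.startswith(BOM):
        dump = dump[len(BOM):]
    found = []
    for line in dump.split("\n"):
        line = line.lstrip(PSQL_SPACE)
        if line.startswith("\\!"):
            found.append(line)
    return found


def hardened_filter_flags(dump: str) -> bool:
    """Same deny check, but normalised the way the consumer (psql) normalises:
    strip the BOM and every whitespace class psql ignores before scanning.
    This closes the described gap but is still a denylist, with all the
    fragility that implies (see the note below)."""
    return len(psql_would_run(dump)) > 0


def restricted_script(dump: str) -> str:
    """Put psql into restricted mode before a single byte of the dump is read,
    using a per-run random key the dump cannot contain. This is the general
    technique behind the 9.11 change, not pgAdmin's exact invocation."""
    key = secrets.token_hex(16)  # 32 hex chars, fresh for every restore
    return f"\\restrict {key}\n{dump}"
```

The naive filter passes the BOM, CR and FF variants while the psql model executes all three; normalising before scanning catches them, but a denylist has to mirror the consumer's parsing exactly and forever. It also has to know that lines inside COPY data are data, not commands (a first column that is NULL is written as \N at the start of a line), which is precisely the kind of context a regex does not track. Entering restricted mode up front sidesteps all of that, which is why it is the better fix.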
Organizations running pgAdmin 4 in server mode should verify their version now and upgrade to 9.11 or later. The running version is shown in the application under Help > About pgAdmin 4, or your system administrator can confirm it.