A Remote Code Execution (RCE) vulnerability (CVE-2025-2945) was discovered in pgAdmin (versions earlier than 9.2), a widely used administration tool for PostgreSQL databases.
Exploitation requires an authenticated user who is able to send a POST request to the pgAdmin server.
The vulnerability exists in two separate features, /sqleditor/query_tool/download/<int:trans_id> and /cloud/deploy, both of which lead to RCE through the use of the eval() function.
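As an added illustration (not pgAdmin's code and not part of the original advisory), the eval()-on-a-POST-parameter pattern beside a hardened parser that accepts only the boolean literals the feature needs; the parameter name commit_flag, the handler and the sample request bodies are assumptions:

```python
from typing import Any

# Hypothetical stand-in for the kind of POST handler the advisory describes:
# a form field that should only ever be a boolean, but that the vulnerable
# code hands to eval(). Parameter and function names here are assumptions,
# not pgAdmin's own identifiers.

_BOOL_LITERALS = {"true": True, "false": False}


def parse_bool_vulnerable(raw: str) -> bool:
    """'Before': eval() turns the client's string into executed Python.

    Any expression in the POST body runs with the server's privileges,
    which is the RCE described above. Kept only for comparison; never call
    this on untrusted input.
    """
    return bool(eval(raw))  # the vulnerable pattern


def parse_bool_hardened(raw: str) -> bool:
    """'After': accept exactly the two literals the feature needs.

    No interpreter is involved; anything outside the allow-list raises.
    """
    key = raw.strip().lower()
    if key not in _BOOL_LITERALS:
        raise ValueError(f"expected 'true' or 'false', got {raw!r}")
    return _BOOL_LITERALS[key]


def handle_download(form: dict[str, str]) -> dict[str, Any]:
    """Models the handler's decision for a POST form body (constructed input).

    Returns a status and the parsed flag, or a 400 when the value is not
    one of the permitted literals.
    """
    try:
        commit_flag = parse_bool_hardened(form.get("commit_flag", "false"))
    except ValueError as err:
        return {"status": 400, "error": str(err)}
    return {"status": 200, "commit_flag": commit_flag}


if __name__ == "__main__":
    # Constructed sample bodies: one benign, one carrying a non-literal value.
    for body in ({"commit_flag": "true"}, {"commit_flag": "1 + 1"}):
        print(body, "->", handle_download(body))
```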
Check out more technical details at https://py0zz1.tistory.com/entry/Remote-Code-Execution-Vulnerability-in-pgAdmin-CVE-2025-2945