Tracked as CVE-2025-9636, this vulnerability affects all pgAdmin 4 versions up to and including 9.7. It is triggered during the OAuth authentication flow and stems from weak Cross-Origin Opener Policy (COOP) handling there: the browser isolation that COOP is supposed to provide between the pgAdmin window and a cross-origin page that opened it does not hold.
By luring an authenticated user to a crafted page or link, an attacker can bypass that isolation and hijack the active session, potentially gaining unauthorized access to sensitive data or escalating privileges to full account takeover.
Such exploitation threatens the confidentiality and integrity of critical database infrastructure. pgAdmin4 is commonly used for administrative operations—including configuration changes, query execution, backups, and user management—making a successful attack particularly impactful.
Although the flaw only moderately impacts availability, the disruption of trusted access can severely undermine operational reliability and expose organizations to downstream cyberattacks.
Vulnerability Impact and Exploitation
The COOP vulnerability requires user interaction, such as clicking a malicious link or visiting a compromised page while authenticated to pgAdmin4.
Once COOP isolation fails, the attacker's page keeps a handle on the pgAdmin4 window across the login flow. That handle is the foothold for hijacking the session or interfering with the OAuth token exchange. Consequences include:
- Data Theft: Extraction of sensitive database credentials, schema details, and stored data.
- Data Corruption: Unauthorized execution of queries that modify or delete database contents.
- Privilege Escalation: Creation or elevation of administrative accounts for persistent access.
- Infrastructure Takeover: Full compromise of database servers and connected applications.
CVE Details
| Field | Details |
|---|---|
| CVE ID | CVE-2025-9636 |
| GitHub Advisory | GHSA-6859-2qxq-ffv2 |
| Severity | High |
| Affected Versions | pgAdmin 4 ≤ 9.7 |
| Patched Version | 9.8 |
| Vulnerability Type | Cross-Origin Opener Policy (COOP) flaw |
Mitigation Steps
- Immediate Upgrade: Update all pgAdmin4 installations to version 9.8 or later.
- Session Review: Invalidate existing sessions and tokens so that any session hijacked before the patch is cut off.
- Credential Rotation: Rotate any API keys or stored passwords used in pgAdmin4 so that anything captured before the patch cannot be reused.
- Access Auditing: Examine access logs for any anomalous authentication attempts or token exchanges.
- Network Controls: Restrict pgAdmin4 access to trusted IP ranges or VPN-only connections to reduce exposure.
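A post-upgrade check you can run against a deployment, added here as an example (it is neither pgAdmin project code nor the CVE fix itself): it fetches the application's own response for each path, parses the Cross-Origin-Opener-Policy header the way a browser would, and reports which endpoints still leave a cross-origin opener's window handle intact. The base URL and the default path list are assumptions; point it at your own OAuth login routes, which this page does not enumerate.

```python
"""Audit the Cross-Origin-Opener-Policy (COOP) header on a web deployment.

Added example for this article; it is not pgAdmin project code and does not
reproduce the CVE-2025-9636 fix. Assumptions: the deployment is reached over
HTTPS, and the caller supplies the paths to check (pgAdmin's OAuth routes are
not listed on the page, so DEFAULT_PATHS below are placeholders).
"""
from __future__ import annotations

import urllib.error
import urllib.request
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit

HEADER = "cross-origin-opener-policy"
# Either value makes the browser drop a cross-origin opener's window handle;
# same-origin-allow-popups additionally keeps handles to popups the page
# itself opens, which is what an OAuth popup flow needs.
ISOLATING_VALUES = {"same-origin", "same-origin-allow-popups"}
DEFAULT_PATHS = ("/", "/login")  # placeholders; replace with your OAuth routes


@dataclass(frozen=True)
class CoopVerdict:
    url: str
    raw: str | None    # header as received, None when absent
    value: str | None  # policy token a browser would act on, None if absent/invalid
    isolated: bool     # True when a cross-origin opener loses its handle
    note: str


def parse_coop(raw: str | None) -> str | None:
    """Extract the policy token from a COOP header value.

    COOP is a structured-header item: one token, optionally followed by
    parameters such as `; report-to="coop"`. If the header was sent twice the
    values arrive comma-joined, which does not parse as an item and is treated
    by browsers as if no policy were set. Token matching is case-sensitive.
    """
    if raw is None or "," in raw:
        return None
    token = raw.split(";", 1)[0].strip()
    return token or None


def check_coop(url: str, headers: dict[str, str]) -> CoopVerdict:
    """Decide whether the response at `url` isolates itself from a cross-origin opener."""
    lowered = {name.lower(): val for name, val in headers.items()}
    raw = lowered.get(HEADER)
    value = parse_coop(raw)

    if urlsplit(url).scheme.lower() != "https":
        # Browsers only honour COOP in a secure context, so a correct header
        # served over plain http still gives no isolation.
        return CoopVerdict(url, raw, value, False, "not https: browser ignores COOP")
    if raw is None:
        return CoopVerdict(url, raw, value, False, "header absent: defaults to unsafe-none")
    if value is None:
        return CoopVerdict(url, raw, value, False, "header unparsable: treated as unsafe-none")
    if value in ISOLATING_VALUES:
        return CoopVerdict(url, raw, value, True, f"{value}: opener handle severed")
    return CoopVerdict(url, raw, value, False, f"{value}: no isolation")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx so the first response's headers are inspected.

    OAuth entry points usually answer with a redirect to the identity provider;
    the application's own response is what we want to see, not the provider's page.
    """

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_headers(url: str, timeout: float = 5.0) -> dict[str, str]:
    """GET `url` and return its response headers, including on 3xx/4xx."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "coop-audit/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())  # error responses still carry headers


def audit(base_url: str, paths=DEFAULT_PATHS, timeout: float = 5.0) -> list[CoopVerdict]:
    """Check every path under `base_url`; entries with isolated=False need attention."""
    results = []
    for path in paths:
        url = urljoin(base_url, path)
        results.append(check_coop(url, fetch_headers(url, timeout)))
    return results


if __name__ == "__main__":
    import sys

    base = sys.argv[1] if len(sys.argv) > 1 else "https://pgadmin.example.internal/"
    for verdict in audit(base):
        status = "OK  " if verdict.isolated else "FAIL"
        print(f"{status} {verdict.url}  COOP={verdict.raw!r}  {verdict.note}")
```

Run it as `python coop_audit.py https://your-pgadmin-host/` after upgrading; a FAIL line on a login or OAuth path means the response still does not isolate the window. Note that a plain-http deployment fails regardless of the header, and that an unrecognised or duplicated header value is reported as failing because browsers fall back to `unsafe-none` in those cases.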
Security researchers caution that although exploitation demands a high level of sophistication, targeted attackers—especially state-sponsored groups—may employ this flaw to breach enterprise environments.
Maintaining an updated pgAdmin4 deployment and continuous monitoring of authentication and session logs are essential defenses against COOP-based threats.
As enterprises increasingly rely on PostgreSQL for business-critical workloads, the importance of prompt patch management and architectural vigilance cannot be overstated.
Organizations that delay upgrading risk leaving their database infrastructure vulnerable to unauthorized access, data breaches, and full system compromise.
The post PgAdmin Vulnerability Enables Unauthorized Account Access appeared first on Cyber Security News.