A critical security vulnerability has been disclosed in pgAdmin, the most widely used open-source management tool for PostgreSQL. The flaw, tracked as CVE-2025-13780, carries a critical CVSS score of 9.1 and allows attackers to achieve Remote Code Execution (RCE) by exploiting an oversight in how the software's meta-command filter handles a file-encoding marker.
The vulnerability affects pgAdmin versions up to and including 9.10 when running in server mode. It turns a routine database restore into an attack path: a crafted dump file can be used to execute arbitrary commands on the host running pgAdmin, putting the server and every database it can reach at risk.
This vulnerability is particularly concerning because it bypasses the security fix shipped for a previous issue, CVE-2025-12762.
In that earlier patch, the pgAdmin team introduced a filter designed to block dangerous psql "meta-commands" found in SQL dump files before they could be executed. Security researchers, however, found a way to blind this filter with a three-byte sequence.
The core of the issue is a mismatch between how pgAdmin's security filter, specifically the has_meta_commands() function, scans a dump file and how the underlying psql utility later interprets that same file.
The filter uses a regular expression over the file's raw bytes to look for dangerous commands such as \! (which runs a shell command). The regex was not written to account for file signatures such as the UTF-8 Byte Order Mark (BOM), the byte sequence EF BB BF that is often placed at the start of a text file to indicate its encoding.
Here is the exploit chain:
- An attacker crafts a malicious PLAIN-format SQL dump file whose first bytes are the UTF-8 BOM, followed directly by a psql meta-command.
- When pgAdmin scans the file, the regex sees the BOM bytes at the start of the first line. It does not treat them as ignorable, so the meta-command placed immediately after them goes undetected and the filter reports the file as clean.
- pgAdmin then passes the file to psql with the --file argument. Unlike the filter, psql skips a leading UTF-8 BOM before interpreting the script, so it sees the \! meta-command at the start of the file and runs the attacker's payload.
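The mismatch described in the chain above, modelled in Python as an added example. This is not pgAdmin's code and not the actual has_meta_commands() implementation: the regex, the function names and the three sample dump files are assumptions constructed for illustration. The naive filter scans the bytes as uploaded; psql_view() models psql dropping a leading UTF-8 BOM; the hardened filter scans the bytes psql will actually interpret.

```python
import re

UTF8_BOM = b"\xef\xbb\xbf"

# Hypothetical stand-in for a line-anchored meta-command filter: a backslash
# command at the start of a line (optionally after ASCII whitespace) of the
# raw bytes. This is an assumption, not pgAdmin's real pattern.
_META_RE = re.compile(rb"^\s*\\[a-zA-Z!?]", re.MULTILINE)


def naive_has_meta_commands(data: bytes) -> bool:
    """Scan the raw uploaded bytes. True if a meta-command is found."""
    return _META_RE.search(data) is not None


def psql_view(data: bytes) -> bytes:
    """Model of what psql reads: a leading UTF-8 BOM is skipped before the
    script is interpreted (modelled here as unconditional)."""
    return data[len(UTF8_BOM):] if data.startswith(UTF8_BOM) else data


def hardened_has_meta_commands(data: bytes) -> bool:
    """Scan the bytes psql will actually interpret, and the raw bytes too,
    so the filter and the executor agree on what the file contains."""
    return (naive_has_meta_commands(psql_view(data))
            or naive_has_meta_commands(data))


# Constructed sample inputs (not taken from any real dump or incident).
BENIGN = b"--\n-- PostgreSQL database dump\n--\nCREATE TABLE t (id int);\n"
PLAIN_PAYLOAD = b"\\! id > /tmp/pwned\nCREATE TABLE t (id int);\n"
BOM_PAYLOAD = UTF8_BOM + PLAIN_PAYLOAD


def compare(data: bytes) -> dict:
    """Report what each filter decides and what psql would see for one file."""
    return {
        "naive_filter_flags": naive_has_meta_commands(data),
        "hardened_filter_flags": hardened_has_meta_commands(data),
        "psql_would_run_meta": naive_has_meta_commands(psql_view(data)),
    }


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN),
                       ("plain payload", PLAIN_PAYLOAD),
                       ("BOM-prefixed payload", BOM_PAYLOAD)):
        print(f"{name:22s} {compare(blob)}")
```

For the BOM-prefixed payload the naive filter reports no meta-command while the modelled psql view contains \! at column 0, which is the bypass; the hardened variant closes it by normalising the input the same way the executor does before scanning. The general lesson is broader than the BOM: psql's own rules for where a backslash command may appear are richer than any single regex, so a pre-execution denylist must be applied to exactly the byte stream psql will consume, and dump files uploaded by users should still be treated as untrusted input.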
This parsing mismatch lets an attacker execute arbitrary commands with the privileges of the operating-system user that runs the pgAdmin server. That can lead to:
- Full server compromise.
- Theft or deletion of sensitive database data.
- Lateral movement within the network hosting the database infrastructure.
Administrators running pgAdmin in server mode should check their version immediately. Because every release up to and including 9.10 is affected, teams should upgrade to pgAdmin 9.11 (or later) as soon as it is available, or apply any vendor-supplied mitigations in the meantime. Until the upgrade is in place, restrict who can upload and restore dump files and treat any dump that did not come from a trusted pg_dump run as untrusted input.