CVE-2025-9636

HIGH7.9EPSS 0.04%

pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

Published: 9/5/2025Modified: 9/5/2025

Description

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

Affected packages (1)

PyPI/pgadmin4from 0, < 9.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-9636
PATCHhttps://github.com/pgadmin-org/pgadmin4
WEBhttps://github.com/pgadmin-org/pgadmin4/commit/cdeb18fcbb139a200b5a4779c82f9cd1aaaf3c89
WEBhttps://github.com/pgadmin-org/pgadmin4/issues/9114