
PgAdmin Vulnerability Allows Attackers to Gain Unauthorized Account Access


A newly disclosed security flaw in pgAdmin4, the widely used open-source tool for managing PostgreSQL databases, has raised serious concerns among developers and database administrators across the world.

The vulnerability, tracked as CVE-2025-9636, was recently highlighted in the GitHub Advisory Database and classified as High severity.

The issue is a Cross-Origin-Opener-Policy (COOP) vulnerability that affects pgAdmin versions up to 9.7.

Attackers can exploit this flaw during the authentication and OAuth flow, potentially enabling unauthorized account access, session hijacking, and even full account takeover.

Such an exploit could compromise sensitive data, escalate user privileges, and facilitate further cyberattacks on connected systems.

Vulnerability Details

According to the advisory, the vulnerability requires some user interaction, but the risk remains significant due to the central role pgAdmin plays in managing PostgreSQL environments.

By manipulating the COOP headers, malicious actors can bypass normal browser protections, thereby tricking the authentication process ...
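To make the header at the centre of this advisory concrete, the following is an added example (my own code, not pgAdmin's or gbhackers') that audits HTTP response headers for a missing or weak COOP value and produces a hardened copy. The paths and header values are constructed, and the choice of `same-origin-allow-popups` as the hardened default is an assumption, not the project's fix.

```python
"""Audit Cross-Origin-Opener-Policy (COOP) response headers.

Added example, not pgAdmin or gbhackers code. A response without a COOP
header behaves as `unsafe-none` (the opener keeps a handle to the window);
unrecognised values also fall back to `unsafe-none`.
"""
from typing import Dict, List

COOP_HEADER = "cross-origin-opener-policy"
DEFAULT_COOP = "unsafe-none"  # browser default when the header is absent
ISOLATING = {"same-origin", "same-origin-allow-popups"}
KNOWN = ISOLATING | {DEFAULT_COOP}


def effective_coop(headers: Dict[str, str]) -> str:
    """Return the COOP value a browser would apply to this response."""
    for name, value in headers.items():
        if name.lower() == COOP_HEADER:
            # Structured header: the token may carry params such as report-to.
            token = value.split(";", 1)[0].strip().lower()
            return token if token in KNOWN else DEFAULT_COOP
    return DEFAULT_COOP


def weak_paths(responses: Dict[str, Dict[str, str]]) -> List[str]:
    """Paths whose COOP leaves the window reachable from a cross-origin opener."""
    return sorted(p for p, h in responses.items() if effective_coop(h) not in ISOLATING)


def harden(headers: Dict[str, str], policy: str = "same-origin-allow-popups") -> Dict[str, str]:
    """Copy of the headers with an isolating COOP value set.

    Default policy is an assumption: it isolates the page from its opener but
    lets the page keep a handle to popups it opens itself, which an OAuth flow
    may need. Prefer `same-origin` when no popup handle is required.
    """
    if policy not in ISOLATING:
        raise ValueError(f"not an isolating COOP value: {policy!r}")
    fixed = {k: v for k, v in headers.items() if k.lower() != COOP_HEADER}
    fixed["Cross-Origin-Opener-Policy"] = policy
    return fixed


# Constructed sample responses; paths and values are illustrative only.
SAMPLE_RESPONSES = {
    "/login": {"Content-Type": "text/html"},                             # header missing
    "/oauth2/authorize": {"Cross-Origin-Opener-Policy": "unsafe-none"},  # explicitly weak
    "/browser/": {"cross-origin-opener-policy": 'Same-Origin; report-to="coop"'},
}

if __name__ == "__main__":
    print("weak:", weak_paths(SAMPLE_RESPONSES))  # ['/login', '/oauth2/authorize']
    print("after hardening:", weak_paths({p: harden(h) for p, h in SAMPLE_RESPONSES.items()}))  # []
```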


Copyright of this story belongs to gbhackers.