CVE-2025-12765 - Vulnerability Details - OpenCVE

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-g4r8-3qmh-pmch	pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/pgadmin-org/pgadmin4/issues/9324

History

Thu, 13 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Nov 2025 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-295

Thu, 13 Nov 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
Title		pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.
References		https://github.com/pgadmin-org/pgadmin4/issues/9324
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published: 2025-11-13T13:00:11.448Z

Updated: 2025-11-13T14:00:56.314Z

Reserved: 2025-11-05T17:30:07.757Z

Link: CVE-2025-12765

Vulnrichment

Updated: 2025-11-13T14:00:27.209Z

NVD

Status : Received

Published: 2025-11-13T13:15:45.037

Modified: 2025-11-13T14:15:47.873

Link: CVE-2025-12765

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12765", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2025-11-05T17:30:07.757Z", "datePublished": "2025-11-13T13:00:11.448Z", "dateUpdated": "2025-11-13T14:00:56.314Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Authentication"], "product": "pgAdmin 4", "programFiles": ["https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/authenticate/ldap.py"], "repo": "https://github.com/pgadmin-org/pgadmin4", "vendor": "pgadmin.org", "versions": [{"lessThan": "9.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-11-04T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.<br><br>"}], "value": "pgAdmin <= 9.9\u00a0 is affected by a\u00a0vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2025-11-13T13:00:11.448Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://github.com/pgadmin-org/pgadmin4/issues/9324"}], "source": {"discovery": "EXTERNAL"}, "title": "pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-13T14:00:33.389368Z", "id": "CVE-2025-12765", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T14:00:56.314Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12765", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-13T14:00:33.389368Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T14:00:27.209Z"}}], "cna": {"title": "pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/pgadmin-org/pgadmin4", "vendor": "pgadmin.org", "modules": ["Authentication"], "product": "pgAdmin 4", "versions": [{"status": "affected", "version": "0", "lessThan": "9.10", "versionType": "custom"}], "programFiles": ["https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/authenticate/ldap.py"], "defaultStatus": "affected"}], "datePublic": "2025-11-04T18:30:00.000Z", "references": [{"url": "https://github.com/pgadmin-org/pgadmin4/issues/9324", "tags": ["issue-tracking"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "pgAdmin <= 9.9\u00a0 is affected by a\u00a0vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.", "supportingMedia": [{"type": "text/html", "value": "pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.<br><br>", "base64": false}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2025-11-13T13:00:11.448Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12765", "state": "PUBLISHED", "dateUpdated": "2025-11-13T14:00:56.314Z", "dateReserved": "2025-11-05T17:30:07.757Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2025-11-13T13:00:11.448Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.2"}