CVE-2025-12765
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-19
Assigner: PostgreSQL
Description
Description
pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pgadmin | pgadmin_4 | to 9.10 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects pgAdmin versions up to 9.9 and involves the LDAP authentication mechanism. It allows an attacker to bypass TLS certificate verification, which means the system may accept an untrusted or malicious certificate during LDAP authentication.
How can this vulnerability impact me? :
By bypassing TLS certificate verification in LDAP authentication, an attacker could perform a man-in-the-middle attack, intercepting or manipulating authentication traffic. This could lead to unauthorized access or exposure of sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70