CVE Database · CVE-2025-9636
CVSS v3.1: 7.9
EPSS: 0.21%
Published: Sep 4, 2025
Modified: Sep 11, 2025
Public PoC / Exploit (1)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Weaknesses (CWE)
Affected Products (1)
References (1)