CVE-2025-9636

Cross-Origin Opener Policy Vulnerability in pgAdmin 4

Description

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

INFO

Published Date :

2025-09-04T16:43:27.710Z

Last Modified :

2025-09-05T03:55:49.451Z

Source :

PostgreSQL

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9636 vulnerability.

Vendors	Products
Pgadmin	Pgadmin Pgadmin 4

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9636.

URL	Resource
https://github.com/pgadmin-org/pgadmin4/issues/9114

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact