Standalone python script to exploit pgAdmin4 query tool authenticated RCE vulnerability (CVE-2025-2945) in pgAdmin4 version 8.10 - 9.1.
Ported from Metasploit module: pgadmin_query_tool_authenticated.rb
References:
- https://www.cve.org/CVERecord?id=CVE-2025-2945
- https://nvd.nist.gov/vuln/detail/CVE-2025-2945
- https://github.com/advisories/GHSA-g73c-fw68-pwx3
Docker environment and writeup for vulnerability reproduction: vulhub/pgadmin/CVE-2025-2945
This software is designed for educational and research purposes only. The author is not responsible for any misuse of the code provided here.