A significant security flaw has been discovered in pgAdmin, the widely used open-source administration and development platform for PostgreSQL databases.
The vulnerability, tracked as CVE-2025-9636, affects all pgAdmin versions up to and including 9.7, potentially allowing remote attackers to gain unauthorized access to user accounts and the sensitive data they manage.
The core of the issue lies in an improperly configured Cross-Origin Opener Policy (COOP). This security feature is designed to isolate a web application’s window from other windows, preventing malicious pages from interacting with it.
In affected pgAdmin versions, this policy was not enforced correctly, creating an opening for attackers to manipulate the OAuth authentication flow.
OAuth is a standard protocol used for secure authorization, often seen in “Log in with Google” or “Log in with GitHub” functionalities.
PgAdmin Vulnerability Exploited
An attacker could exploit this vulnerability by tricking a user into clicking a specially crafted link. This link would open the pgAdmin login page in a new browser window while the attacker’s malicious page remains active in the original window.
Due to the COOP misconfiguration, the attacker’s page can maintain a reference to the pgAdmin window and interfere with the authentication process.
If the user then proceeds to log in using an OAuth provider, the attacker can intercept the authentication token, effectively hijacking the session.
The successful exploitation of this flaw carries severe risks for organizations and their data. The primary consequences include:
- Unauthorized Account Access: An attacker can gain control of a legitimate user’s pgAdmin session, granting them the same level of access as the victim.
- Data Breaches: Once inside, an attacker can view, modify, or exfiltrate sensitive information from any PostgreSQL databases connected to the compromised pgAdmin instance.
- Account Takeover: The vulnerability could be leveraged to perform a full account takeover, locking the legitimate user out.
- Privilege Escalation: If the hijacked account has administrative privileges, the attacker could potentially escalate their access within the database or even the underlying server infrastructure.
Mitigations
The pgAdmin development team has swiftly responded to the issue. A patch has been released that corrects the COOP header configuration, closing the security gap.
The fix is detailed in a commit on the project’s official GitHub repository. All users of pgAdmin versions 9.7 and earlier are strongly urged to update to the latest version immediately to protect their systems from potential attacks.
Administrators should prioritize applying this update to all pgAdmin instances within their environments to prevent unauthorized access and safeguard their database assets.
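The two defensive actions the article implies, checking whether a deployed instance still serves the weak Cross-Origin-Opener-Policy described above and enforcing a hardened value until the update is applied, can be demonstrated in a few lines of Python. The block below is an added example, not pgAdmin's own code or the contents of the project's patch: it classifies a response's COOP header and wraps any WSGI application (pgAdmin is Flask-based, so the shape applies) so that responses carry a policy that severs a cross-origin opener's handle to the window. The page does not state which COOP value the pgAdmin fix chose; `same-origin` as the default below is an assumption, and the stub applications and header values are constructed for the demo.

```python
"""Audit and enforce the Cross-Origin-Opener-Policy (COOP) header.

Added example, not pgAdmin's code. The 'same-origin' default is an assumption;
the page does not say which value the upstream patch selected.
"""
from typing import Callable, Dict, Iterable, List, Tuple

HEADER = "Cross-Origin-Opener-Policy"

# COOP values that break the link between this window and a cross-origin
# page that opened it. "unsafe-none" (also the behaviour when the header is
# absent) keeps that link alive, which is the condition the article describes.
# "same-origin-allow-popups" still severs a cross-origin opener but lets the
# page keep references to popups it opens itself, a common need for OAuth flows.
SEVERS_CROSS_ORIGIN_OPENER = {"same-origin", "same-origin-allow-popups"}


def coop_status(headers: Dict[str, str]) -> str:
    """Return 'isolated', 'unsafe', 'missing' or 'unknown' for a header mapping."""
    value = None
    for name, v in headers.items():
        if name.lower() == HEADER.lower():
            value = v
            break
    if value is None:
        return "missing"
    # Drop any parameters such as '; report-to="coop"' before comparing.
    token = value.split(";", 1)[0].strip().lower()
    if token in SEVERS_CROSS_ORIGIN_OPENER:
        return "isolated"
    if token == "unsafe-none":
        return "unsafe"
    return "unknown"


def coop_middleware(app: Callable, policy: str = "same-origin") -> Callable:
    """Wrap a WSGI app so every response carries an isolating COOP header.

    A COOP header the app already sets is replaced only when it does not
    sever a cross-origin opener, so an app that deliberately chose
    same-origin-allow-popups keeps its own, more permissive but still safe, value.
    """
    def wrapped(environ, start_response):
        def patched_start(status, headers: List[Tuple[str, str]], exc_info=None):
            hdrs = list(headers)
            if coop_status(dict(hdrs)) != "isolated":
                hdrs = [(k, v) for k, v in hdrs if k.lower() != HEADER.lower()]
                hdrs.append((HEADER, policy))
            return start_response(status, hdrs, exc_info)
        return app(environ, patched_start)
    return wrapped


# --- constructed stubs standing in for a login page ---------------------------
def weak_login_app(environ, start_response) -> Iterable[bytes]:
    """Serves the page with no COOP header at all (browser default: unsafe-none)."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<html>login</html>"]


def popup_login_app(environ, start_response) -> Iterable[bytes]:
    """Serves the page with a value that already isolates it from its opener."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              (HEADER, "same-origin-allow-popups")])
    return [b"<html>login</html>"]


def response_headers(app: Callable, path: str = "/login") -> Dict[str, str]:
    """Run one GET through a WSGI app offline and return its response headers."""
    captured: Dict[str, str] = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    b"".join(app(environ, start_response))  # drain the body as a server would
    return captured


if __name__ == "__main__":
    print("unpatched stub:", coop_status(response_headers(weak_login_app)))
    print("behind middleware:", coop_status(response_headers(coop_middleware(weak_login_app))))
```

`coop_status` can be pointed at headers captured from a real instance (for example, the dict produced by `urllib.request.urlopen(url).headers`) to confirm that an updated deployment no longer reports `missing` or `unsafe` on its login page; the middleware is a stop-gap for instances that cannot be updated immediately, not a substitute for the vendor patch.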