7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-12765

CVE-2025-12765: pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-12765

CVE-2025-12765:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pgadmin4	pip	<= 9.9	9.10

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The analysis of the security patch 09d2b7eeb0e330df73b1aef0cba57788fde52b6b clearly indicates that the vulnerability CVE-2025-12765 is located in the web/pgadmin/authenticate/ldap.py file. The function Ldap.__configure_tls was responsible for configuring the TLS settings for the LDAP connection. The vulnerable code set the certificate validation mode to ssl.CERT_NONE by default, which means no certificate validation was performed unless specific certificate files were provided in the configuration. This created a scenario where TLS could be bypassed. The patch rectifies this by introducing a new configuration parameter, LDAP_CERT_VALIDATE, which defaults to True. This ensures that certificate validation (ssl.CERT_REQUIRED) is enabled by default, and must be explicitly disabled if needed, thus fixing the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-12765: pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

CVE-2025-12765:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.5

7.5

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-12765: pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI