Security update for pgadmin4 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0015-1 Final 1 1 2026-01-05T10:40:59Z current 2026-01-05T10:40:59Z 2026-01-05T10:40:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pgadmin4 This update for pgadmin4 fixes the following issues: - CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478). - CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and leads to a DoS (bsc#1253477). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-15,SUSE-SLE-Module-Python3-15-SP7-2026-15,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-15,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-15,openSUSE-SLE-15.6-2026-15 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260015-1/ Link for SUSE-SU-2026:0015-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023673.html E-Mail link for SUSE-SU-2026:0015-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253477 SUSE Bug 1253477 https://bugzilla.suse.com/1253478 SUSE Bug 1253478 https://www.suse.com/security/cve/CVE-2025-12764/ SUSE CVE CVE-2025-12764 page https://www.suse.com/security/cve/CVE-2025-12765/ SUSE CVE CVE-2025-12765 page SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP6 openSUSE Leap 15.6 pgadmin4-8.5-150600.3.18.1 pgadmin4-cloud-8.5-150600.3.18.1 pgadmin4-desktop-8.5-150600.3.18.1 pgadmin4-doc-8.5-150600.3.18.1 pgadmin4-web-uwsgi-8.5-150600.3.18.1 system-user-pgadmin-8.5-150600.3.18.1 pgadmin4-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 pgadmin4-doc-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 system-user-pgadmin-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 pgadmin4-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP6-LTSS pgadmin4-doc-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP6-LTSS system-user-pgadmin-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP6-LTSS pgadmin4-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 pgadmin4-doc-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 system-user-pgadmin-8.5-150600.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 pgadmin4-8.5-150600.3.18.1 as a component of openSUSE Leap 15.6 pgadmin4-cloud-8.5-150600.3.18.1 as a component of openSUSE Leap 15.6 pgadmin4-desktop-8.5-150600.3.18.1 as a component of openSUSE Leap 15.6 pgadmin4-doc-8.5-150600.3.18.1 as a component of openSUSE Leap 15.6 pgadmin4-web-uwsgi-8.5-150600.3.18.1 as a component of openSUSE Leap 15.6 system-user-pgadmin-8.5-150600.3.18.1 as a component of openSUSE Leap 15.6 pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS. CVE-2025-12764 SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-8.5-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-doc-8.5-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP7:system-user-pgadmin-8.5-150600.3.18.1 SUSE Linux Enterprise Server 15 SP6-LTSS:pgadmin4-8.5-150600.3.18.1 SUSE Linux Enterprise Server 15 SP6-LTSS:pgadmin4-doc-8.5-150600.3.18.1 SUSE Linux Enterprise Server 15 SP6-LTSS:system-user-pgadmin-8.5-150600.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:pgadmin4-8.5-150600.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:pgadmin4-doc-8.5-150600.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:system-user-pgadmin-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.18.1 openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260015-1/ https://www.suse.com/security/cve/CVE-2025-12764.html CVE-2025-12764 https://bugzilla.suse.com/1253477 SUSE Bug 1253477 pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. CVE-2025-12765 SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-8.5-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP7:pgadmin4-doc-8.5-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP7:system-user-pgadmin-8.5-150600.3.18.1 SUSE Linux Enterprise Server 15 SP6-LTSS:pgadmin4-8.5-150600.3.18.1 SUSE Linux Enterprise Server 15 SP6-LTSS:pgadmin4-doc-8.5-150600.3.18.1 SUSE Linux Enterprise Server 15 SP6-LTSS:system-user-pgadmin-8.5-150600.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:pgadmin4-8.5-150600.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:pgadmin4-doc-8.5-150600.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:system-user-pgadmin-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.18.1 openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.18.1 openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260015-1/ https://www.suse.com/security/cve/CVE-2025-12765.html CVE-2025-12765 https://bugzilla.suse.com/1253478 SUSE Bug 1253478