SUSE-SU-2026:0015-1

Details

This update for pgadmin4 fixes the following issues:

CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478).
CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and leads to a DoS (bsc#1253477).

Affected Packages

pgadmin4

SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

8.5-150600.3.18.1

pgadmin4-doc

SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

8.5-150600.3.18.1

system-user-pgadmin

SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

8.5-150600.3.18.1

pgadmin4-cloud

openSUSE Leap 15.6

Fixed in:

8.5-150600.3.18.1

pgadmin4-desktop

openSUSE Leap 15.6

Fixed in:

8.5-150600.3.18.1

pgadmin4-web-uwsgi

openSUSE Leap 15.6

Fixed in:

8.5-150600.3.18.1

References

REPORThttps://bugzilla.suse.com/1253477 REPORThttps://bugzilla.suse.com/1253478 WEBhttps://www.suse.com/security/cve/CVE-2025-12764 WEBhttps://www.suse.com/security/cve/CVE-2025-12765 ADVISORYhttps://www.suse.com/support/update/announcement/2026/suse-su-20260015-1/

SUSE-SU-2026:0015-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline