
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in pgAdmin version 9.9 and earlier affects the LDAP authentication mechanism, allowing attackers to bypass TLS certificate verification (CVE-2025-12765). The vulnerability was discovered by Arad Inbar and disclosed on November 13, 2025 (GitHub Issue).
The vulnerability exists in the __configure_tls method of the Ldap class within web/pgadmin/authenticate/ldap.py. The issue stems from the default configuration: the certificate validation mode is set to ssl.CERT_NONE, which disables TLS certificate validation. Validation (ssl.CERT_REQUIRED) is only enabled when the configuration parameters LDAP_CA_CERT_FILE, LDAP_CERT_FILE, and LDAP_KEY_FILE are all set, so a deployment that configures a CA certificate but no client certificate and key still validates nothing. The vulnerability has been assigned CWE-295 and carries a CVSS v3.1 score of 7.5 with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (Miggo).
The vulnerability enables on-path attackers to perform man-in-the-middle attacks against the LDAP authentication process. An attacker who can terminate TLS with a fraudulent certificate and proxy the traffic could capture LDAP bind credentials and manipulate directory responses. This is particularly concerning in Active Directory environments, where mTLS (client certificate authentication) is typically disabled, so the three-file condition is rarely met (GitHub Issue).
A patch has been implemented that introduces a new configuration parameter, LDAP_CERT_VALIDATE, which defaults to True. This ensures that certificate validation (ssl.CERT_REQUIRED) is enabled by default and must be explicitly disabled if needed (Miggo).
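An added illustration, not pgAdmin's own code: the pre-patch and post-patch derivation of the validation mode, reconstructed from the description above with hypothetical function names, using the configuration keys the advisory names, plus a small audit helper for reviewing a deployment's settings against both behaviours.

```python
import ssl

# Hypothetical reconstruction of the two behaviours described in the
# advisory; names are illustrative and do not mirror pgAdmin's internals.


def legacy_validation_mode(cfg: dict) -> int:
    """Pre-patch logic: CERT_REQUIRED only when CA cert, client cert and
    client key are all configured; anything less falls back to CERT_NONE
    (the CWE-295 condition)."""
    needed = ("LDAP_CA_CERT_FILE", "LDAP_CERT_FILE", "LDAP_KEY_FILE")
    if all(cfg.get(k) for k in needed):
        return ssl.CERT_REQUIRED
    return ssl.CERT_NONE


def patched_validation_mode(cfg: dict) -> int:
    """Post-patch logic: LDAP_CERT_VALIDATE defaults to True, so validation
    is on unless an administrator explicitly disables it."""
    if cfg.get("LDAP_CERT_VALIDATE", True):
        return ssl.CERT_REQUIRED
    return ssl.CERT_NONE


def build_ssl_context(mode: int, ca_file=None) -> ssl.SSLContext:
    """Client-side context for the chosen mode. The stdlib refuses to set
    CERT_NONE while check_hostname is True, so hostname checking must be
    switched off first; that ordering is itself a sign of a weak config."""
    ctx = ssl.create_default_context(cafile=ca_file)
    if mode == ssl.CERT_NONE:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(cfg: dict) -> dict:
    """Report whether a config validates the LDAP server certificate under
    the old and the new logic, e.g. when reviewing config_local.py."""
    return {
        "legacy_validates": legacy_validation_mode(cfg) == ssl.CERT_REQUIRED,
        "patched_validates": patched_validation_mode(cfg) == ssl.CERT_REQUIRED,
    }


if __name__ == "__main__":
    # Constructed sample: a typical AD deployment that sets a CA file but
    # no client certificate or key, i.e. no mutual TLS.
    ad_cfg = {"LDAP_CA_CERT_FILE": "/etc/ssl/certs/example-ca.pem"}
    print(audit(ad_cfg))
```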
Source: This report was generated using AI