CVE-2025-8714
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: PostgreSQL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| postgresql | postgresql | 13.22 |
| postgresql | postgresql | 16.10 |
| postgresql | postgresql | 14.19 |
| postgresql | postgresql | 17.6 |
| postgresql | postgresql | 15.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an untrusted-data inclusion issue in PostgreSQL's pg_dump utility. A malicious superuser on the origin server can inject psql meta-commands into the dump; when that plain-format dump is restored with psql, the injected commands run as arbitrary code under the client operating-system account that runs psql. pg_dumpall and pg_restore are also affected when they produce plain-format dumps.
How can this vulnerability impact me?
The vulnerability can lead to arbitrary code execution on the client machine during database restore operations. This means an attacker with superuser access on the origin server could execute malicious code on the client system, potentially compromising confidentiality, integrity, and availability of the client environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade PostgreSQL to 17.6, 16.10, 15.14, 14.19, or 13.22, or a later release in the same major branch. Until the upgrade is applied, avoid restoring pg_dump, pg_dumpall, or pg_restore output that came from an untrusted server or an untrusted superuser.
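A pre-restore check in the spirit of the mitigation above, added here as an example and not code from BaseFortify or the PostgreSQL project: it lists the backslash meta-commands in a plain-format dump that pg_dump is not expected to emit, so the file can be reviewed before psql replays it. The allow-list (including the \restrict/\unrestrict lines the fixed releases emit), the regexes and the sample dump are this example's own assumptions and constructed input.

```python
"""Pre-restore triage of a plain-format PostgreSQL dump (added example,
not BaseFortify's or PostgreSQL's code).  psql executes backslash
meta-commands found in a script, so a dump taken from a server whose
superuser is not trusted should be listed for unexpected meta-commands
and reviewed before it is replayed.  EXPECTED_META is an assumption."""
import re
from typing import List, Tuple

# Allow-list (assumption): \connect / \c come from pg_dumpall, \restrict /
# \unrestrict are emitted by the fixed pg_dump releases, "\." ends COPY data.
EXPECTED_META = {"connect", "c", "restrict", "unrestrict", "."}

# "COPY ... FROM stdin;" starts a data block that psql forwards to the
# server verbatim until a line consisting of "\." alone.
COPY_STDIN = re.compile(r"^\s*COPY\b.*\bFROM\s+stdin\s*;", re.IGNORECASE)
META_CMD = re.compile(r"^\s*\\([A-Za-z!?]+|\.)")

def find_unexpected_meta_commands(dump_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for each meta-command not on the allow-list,
    skipping COPY data blocks where psql does not interpret backslashes."""
    findings = []
    in_copy_data = False
    for lineno, line in enumerate(dump_text.splitlines(), start=1):
        if in_copy_data:
            in_copy_data = line.rstrip() != "\\."   # data until terminator
            continue
        if COPY_STDIN.match(line):
            in_copy_data = True
            continue
        match = META_CMD.match(line)
        if match and match.group(1) not in EXPECTED_META:
            findings.append((lineno, line.rstrip()))
    return findings

# Constructed sample dump: one COPY data line that merely looks like a
# meta-command, and one injected shell meta-command that must be flagged.
SAMPLE_DUMP = r"""\restrict constructed-key
SET client_encoding = 'UTF8';
CREATE TABLE public.t (note text);
COPY public.t (note) FROM stdin;
\\looks-like-a-command-but-is-data
\.
COMMENT ON TABLE public.t IS 'notes';
\! echo constructed-injected-line
\unrestrict constructed-key
"""

if __name__ == "__main__":
    print(find_unexpected_meta_commands(SAMPLE_DUMP))
```

psql also accepts a meta-command after SQL text on the same line, and this pass does not parse dollar-quoted bodies, so treat a clean result as triage rather than proof that the dump is safe.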