CVE-2025-12817
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-13
Assigner: PostgreSQL
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| postgresql | postgresql | 16.11 |
| postgresql | postgresql | 13.23 |
| postgresql | postgresql | 15.15 |
| postgresql | postgresql | 17.7 |
| postgresql | postgresql | 18.1 |
| postgresql | postgresql | 14.20 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization check in the PostgreSQL CREATE STATISTICS command. A table owner can create statistics objects in any schema, which denies service to other users of CREATE STATISTICS: when a user who holds the CREATE privilege later tries to create a statistics object with the same name, the command fails.
How can this vulnerability impact me?
The vulnerability can impact you by allowing a table owner to deny service to other users who need to create statistics in the database. This can disrupt database operations that rely on statistics for query planning and optimization, potentially degrading performance or causing failures in database tasks that require creating statistics.