SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Rapid7
#
BeyondTrust
#
PostgreSQL

High-severity SQL vulnerability found in PostgreSQL tool

Fri, 14th Feb 2025
Author image
By Melania Watson, Interview Editor

Rapid7 has disclosed the findings of a high-severity SQL injection vulnerability, CVE-2025-1094, which affects the PostgreSQL interactive tool psql.

This vulnerability was identified during Rapid7's research into CVE-2024-12356, an unauthenticated remote code execution vulnerability impacting BeyondTrust's Privileged Remote Access and Remote Support solutions.

Rapid7 found that exploiting CVE-2024-12356 required exploiting CVE-2025-1094 to achieve remote code execution.

While BeyondTrust patched CVE-2024-12356 in December 2024, addressing both CVE-2024-12356 and CVE-2025-1094's exploitation paths, this patch did not resolve CVE-2025-1094's root cause, which remained unaddressed until Rapid7's disclosure. Affected versions include all supported PostgreSQL releases prior to 17.3, 16.7, 15.11, 14.16, and 13.19.

The vulnerability has a CVSS 3.1 base score of 8.1, indicating a high severity.

Stephen Fewer, Principal Security Researcher at Rapid7, discovered the vulnerability.

He found that CVE-2025-1094 arises from incorrect assumptions about the security of escaped untrusted input in PostgreSQL's string escaping routines. Escaped untrusted input, when executed via the interactive psql tool, can still lead to an SQL injection.

An attack can occur due to the PostgreSQL string escaping routines' handling of invalid UTF-8 characters. When combined with psql's processing of invalid byte sequences, this allows attackers to exploit CVE-2025-1094. Such an attack can lead to arbitrary code execution by using the interactive tool's meta-command feature, which can execute operating system shell commands under certain conditions.

Alternatively, attackers using this vulnerability can execute arbitrary attacker-controlled SQL statements, significantly enhancing the threat it poses.

PostgreSQL users are advised to upgrade to versions 17.3, 16.7, 15.11, 14.16, or 13.19 to mitigate CVE-2025-1094. Further details are available in the PostgreSQL advisory.

A Metasploit exploit module targeting CVE-2025-1094 against vulnerable BeyondTrust systems is available, providing a direct path to exploitation.

This disclosure follows Rapid7's vulnerability disclosure policy, with pertinent information and a timeline provided in coordination with the PostgreSQL development group. The PostgreSQL Global Development Group offers additional support and details concerning security vulnerability reporting and fixes through their official security support channels.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
BeyondTrust launches AI tool to bolster identity security
Ransomware in 2024: 75 groups with median demand USD $200k
Fortinet firewalls hit by major data leak and zero-day flaw
January Patch Tuesday reveals 161 vulnerabilities
2024 cyber threat landscape highlights key attack trends
Top stories
How to enhance the efficiency and innovation of your organisation within budget
Thales introduces new FIDO lifecycle management solution
Lexsoft integrates T3 search with ethical walls systems
Nozomi Networks named Leader in Gartner's 2025 Quadrant
Zeller launches financial solution for tech startup founders