Svenklem

**Name of the Vulnerable Software and Affected Versions** TimescaleDB versions 2.23.0 through 2.25.1 **Description** TimescaleDB is a time-series database that functions as a Postgres extension. A flaw exists where PostgreSQL’s use of the `search path` setting can allow a malicious user to create functions in user-writable schemas. These functions can shadow built-in Postgres functions and be executed instead during extension upgrades, potentially leading to arbitrary code execution. The issue stems from unqualified database object lookups when the `search path` includes schemas accessible for writing. **Recommendations** Upgrade to TimescaleDB version 2.25.2 or later.