Aiven · Aiven-Db-Migrate · CVE-2025-55282
Name of the Vulnerable Software and Affected Versions:
aiven-db-migrate versions prior to 1.0.7
Description:
aiven-db-migrate is a database migration tool. A privilege escalation issue exists that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. This is due to a lack of `search_path` restriction, which allows an attacker to override `pg_catalog` and execute untrusted operators as a superuser.
Recommendations:
Update to aiven-db-migrate version 1.0.7 or later.
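A defender-side check for the condition in the description, as an added example that is not code from aiven-db-migrate or from this advisory: it parses `search_path` values and reports any schema that PostgreSQL would resolve before `pg_catalog`. The function names and the sample settings are constructed for illustration, and the check does not reproduce how version 1.0.7 fixes the issue.

```python
import re

# One search_path element: a double-quoted identifier or a bare token,
# followed by a comma or the end of the value.
_ELEMENT = re.compile(r'\s*(?:"((?:[^"]|"")*)"|([^",\s]+))\s*(?:,|$)')

# Constructed sample: (scope, search_path value) pairs as a reviewer might
# collect them from role/database settings on a migration target.
SAMPLE_SETTINGS = [
    ("role migrator", "pg_catalog, public"),
    ("database app", '"$user", public'),
    ("role legacy", "public, pg_catalog"),
    ("database imported", '"Tenant Schema", PUBLIC, pg_catalog'),
]


def parse_search_path(value):
    """Split a search_path value into schema names, honouring quoting."""
    value, schemas, pos = value.strip(), [], 0
    while pos < len(value):
        m = _ELEMENT.match(value, pos)
        if not m:
            raise ValueError(f"unparseable search_path: {value!r}")
        quoted, bare = m.group(1), m.group(2)
        # Quoted names keep their case; bare names fold to lower case.
        schemas.append(quoted.replace('""', '"') if quoted is not None else bare.lower())
        pos = m.end()
    return schemas


def shadowing_schemas(value):
    """Return the schemas that are searched before pg_catalog.

    PostgreSQL searches pg_catalog first when it is not listed; listing it
    explicitly moves it to that position, so anything earlier can shadow it.
    """
    schemas = parse_search_path(value)
    if "pg_catalog" not in schemas:
        return []
    return schemas[: schemas.index("pg_catalog")]


def audit(settings):
    """Map each scope to its shadowing schemas, omitting clean entries."""
    findings = {scope: shadowing_schemas(value) for scope, value in settings}
    return {scope: found for scope, found in findings.items() if found}


if __name__ == "__main__":
    for scope, found in audit(SAMPLE_SETTINGS).items():
        print(f"{scope}: resolved before pg_catalog -> {found}")
```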