PT-2020-4890 · Postgresql+9 · Postgresql+9

Published: 2020-11-11 · Updated: 2026-03-10 · CVE-2020-25695

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 13.1; PostgreSQL versions prior to 12.5; PostgreSQL versions prior to 11.10; PostgreSQL versions prior to 10.15; PostgreSQL versions prior to 9.6.20; PostgreSQL versions prior to 9.5.24
Description: A flaw was found in PostgreSQL that allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under the identity of a superuser. The highest threat from this issue is to data confidentiality and integrity as well as system availability. The vulnerability is related to insufficient protection of the SQL query structure, which can be exploited by a remote attacker to impact data integrity, availability, and confidentiality.
Recommendations: For versions prior to 13.1, update to version 13.1 or later. For versions prior to 12.5, update to version 12.5 or later. For versions prior to 11.10, update to version 11.10 or later. For versions prior to 10.15, update to version 10.15 or later. For versions prior to 9.6.20, update to version 9.6.20 or later. For versions prior to 9.5.24, update to version 9.5.24 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

ALSA-2020:5620
ALT-PU-2020-3311
ALT-PU-2020-3312
ALT-PU-2020-3313
ALT-PU-2020-3314
ALT-PU-2020-3315
ALT-PU-2020-3316
ALT-PU-2020-3320
ALT-PU-2020-3321
ALT-PU-2020-3456
ALT-PU-2020-3457
ALT-PU-2020-3458
ALT-PU-2020-3459
ALT-PU-2020-3460
ALT-PU-2021-1901
ALT-PU-2021-1903
ALT-PU-2021-1904
BDU:2020-05465
BIT-POSTGRESQL-2020-25695
CESA-2020_5567
CESA-2020_5619
CESA-2020_5620
CESA-2021_1512
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2020-25695
DLA-2478-1
ECHO-FD80-3772-5FD8
GHSA-XGXP-9X8P-GCW4
MGASA-2020-0432
OPENSUSE-SU-2020:2018-1
OPENSUSE-SU-2020:2019-1
OPENSUSE-SU-2020:2028-1
OPENSUSE-SU-2020:2029-1
OPENSUSE-SU-2020_2018-1
OPENSUSE-SU-2020_2019-1
OPENSUSE-SU-2020_2028-1
OPENSUSE-SU-2020_2029-1
OPENSUSE-SU-2021:0337-1
OPENSUSE-SU-2021_0337-1
OPENSUSE-SU-2024:11184-1
OPENSUSE-SU-2024:11185-1
OPENSUSE-SU-2024:11186-1
OPENSUSE-SU-2024:11187-1
OPENSUSE-SU-2024:12387-1
OPENSUSE-SU-2024:13243-1
OPENSUSE-SU-2024:14360-1
OPENSUSE-SU-2025:15580-1
RHSA-2020:5316
RHSA-2020:5317
RHSA-2020:5567
RHSA-2020:5619
RHSA-2020:5620
RHSA-2020:5661
RHSA-2020:5664
RHSA-2020_5567
RHSA-2020_5619
RHSA-2020_5620
RHSA-2021:0161
RHSA-2021:0163
RHSA-2021:0164
RHSA-2021:0166
RHSA-2021:0167
RHSA-2021:1512
RHSA-2021_1512
RLSA-2020:5620
SUSE-SU-2020:3425-1
SUSE-SU-2020:3455-1
SUSE-SU-2020:3463-1
SUSE-SU-2020:3464-1
SUSE-SU-2020:3476-1
SUSE-SU-2020:3477-1
SUSE-SU-2020:3630-1
SUSE-SU-2021:0175-1
SUSE-SU-2021:0217-1
USN-4633-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Postgresql
Red Hat
Rocky Linux
Suse
Ubuntu