PT-2025-23864 · Unknown+1 · Postgresql Anonymizer+1
Published 2025-06-04 · Updated 2025-06-05
CVE-2025-5690
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PostgreSQL Anonymizer versions 2.0 through 2.1
Description
The issue allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting.
Recommendations
For versions 2.0 and 2.1, update to version 2.2.1 to resolve the issue. As a temporary workaround, consider disabling dynamic masking until the update is applied. Restrict access to the database cursor and the --insert option of pg_dump to minimize the risk of exploitation.
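An exposure check for the conditions named above, added here as an example and not taken from the advisory or the PostgreSQL Anonymizer project. It assumes the extension is installed under the name `anon`, that dynamic masking is controlled by the `anon.transparent_dynamic_masking` setting, and that masked roles carry a `MASKED` security label from the `anon` provider.

```sql
-- Added example: run in each database where the anon extension is installed.
-- Reports the installed version, whether it is below the fixed release 2.2.1,
-- the dynamic masking setting, and the roles currently declared as masked.
WITH ext AS (
    SELECT extversion,
           -- Extract major.minor[.patch]; patch is NULL when absent.
           regexp_match(extversion, '^(\d+)\.(\d+)(?:\.(\d+))?') AS v
    FROM pg_extension
    WHERE extname = 'anon'                      -- assumed extension name
),
ver AS (
    SELECT extversion,
           ARRAY[v[1]::int, v[2]::int, COALESCE(v[3], '0')::int] AS parts
    FROM ext
    WHERE v IS NOT NULL
)
SELECT
    ver.extversion                               AS anon_version,
    ver.parts < ARRAY[2, 2, 1]                   AS below_fixed_release,
    -- missing_ok = true: returns NULL instead of an error if the setting is unknown
    COALESCE(current_setting('anon.transparent_dynamic_masking', true), 'off')
                                                 AS dynamic_masking,
    (SELECT COALESCE(string_agg(objname, ', ' ORDER BY objname), '')
       FROM pg_seclabels
      WHERE provider = 'anon'                    -- assumed default masking policy
        AND objtype  = 'role'
        AND upper(label) = 'MASKED')             AS masked_roles
FROM ver;
```

A row with `below_fixed_release = true`, dynamic masking turned on, and a non-empty `masked_roles` list matches the conditions in the description; no row at all means the extension is not installed in that database.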
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Postgresql Anonymizer
Pgpdump