PT-2025-26622 · Unknown+1 · Clickhouse+1

Seth Kraft · Published 2025-06-23 · Updated 2025-06-24 · CVE-2025-52969

CVSS v3.1: 2.8 Low
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ClickHouse version 25.7.1.557
Description: The issue allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. There is no access control preventing low-privileged users from invoking Executable tables already present in the system. If an attacker can influence the contents of the script referenced by the Executable() engine through writable paths, they may execute controlled commands in the context of the ClickHouse server, leading to privilege escalation and unauthorized code execution.
Recommendations: For ClickHouse version 25.7.1.557, consider restricting access to existing Executable() tables to prevent low-privileged users from invoking them, or remove the Executable() tables if they are not necessary. As a temporary workaround, consider restricting writable paths that could be used to influence the script referenced by the Executable() engine.
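
One way to check the writable-path workaround is sketched below. This is an added example, not code from the advisory or from ClickHouse. The function name `audit_script_path` is hypothetical, and the scripts directory and the set of trusted owner UIDs are assumptions supplied by the operator.

```python
import os
import stat
import tempfile

def audit_script_path(script, scripts_root, trusted_uids=(0,)):
    """Return (path, problem) pairs for anything that would let an account
    outside trusted_uids change what an Executable() table runs."""
    root = os.path.realpath(scripts_root)
    target = os.path.realpath(os.path.join(root, script))
    # A symlink or "../" that leaves the scripts directory is reported as is.
    if os.path.commonpath([root, target]) != root:
        return [(target, "resolves outside scripts root")]
    if not os.path.exists(target):
        return [(target, "missing")]
    findings = []
    path = target
    # Check the script and every directory up to the root: write access to
    # any of them is enough to replace the script.
    while True:
        st = os.stat(path)
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by untrusted uid {st.st_uid}"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((path, f"group-writable by gid {st.st_gid}"))
        if path == root:
            break
        path = os.path.dirname(path)
    return findings

if __name__ == "__main__":
    # Constructed layout standing in for the server's script directory.
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    jobs = os.path.join(root, "jobs")
    os.mkdir(jobs)
    os.chmod(jobs, 0o777)            # weak: anyone can swap files in here
    script = os.path.join(jobs, "gen.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\necho 1\n")
    os.chmod(script, 0o755)
    for path, problem in audit_script_path("jobs/gen.sh", root, (os.getuid(),)):
        print(f"{path}: {problem}")
```

Group-writable entries are reported with their gid so the reviewer can decide whether that group is trusted.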

Exploit

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-52969

Affected Products

Clickhouse
Debian