PT-2025-33268 · Unknown+13 · Postgresql+12

Martin Rakhmanov +2 · Published 2025-08-13 · Updated 2026-04-02 · CVE-2025-8714

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.6; PostgreSQL versions prior to 16.10; PostgreSQL versions prior to 15.14; PostgreSQL versions prior to 14.19; PostgreSQL versions prior to 13.22.
Description: The vulnerability relates to untrusted data inclusion within the pg_dump utility. Exploitation allows a malicious superuser of the origin server to inject arbitrary code for execution during restore operations performed by the psql client. This also affects pg_dumpall, and pg_restore when used to generate plain-format dumps. Approximately 3.3 million devices are estimated to be affected. The issue allows for remote code execution.
Recommendations: Update to PostgreSQL version 17.6 or later. Update to PostgreSQL version 16.10 or later. Update to PostgreSQL version 15.14 or later. Update to PostgreSQL version 14.19 or later. Update to PostgreSQL version 13.22 or later. As a temporary workaround, use the --no-comments option during pg_restore operations.

Fix

RCE

SQL injection

Related Identifiers

ALSA-2025:14826
ALSA-2025:14827
ALSA-2025:14862
ALSA-2025:14878
ALSA-2025:14899
ALSA-2025:15021
ALSA-2025:15022
ALSA-2025:15115
ALT-PU-2025-10456
ALT-PU-2025-10476
ALT-PU-2025-10478
ALT-PU-2025-10479
ALT-PU-2025-10480
ALT-PU-2025-10481
ALT-PU-2025-10482
ALT-PU-2025-10926
ALT-PU-2025-10928
ALT-PU-2025-10929
ALT-PU-2025-10930
ALT-PU-2025-10931
ALT-PU-2025-10932
AZL-66303
AZL-66324
BDU:2025-09829
BIT-POSTGRESQL-2025-8714
CESA-2025_14899
CESA-2025_15021
CESA-2025_15022
CESA-2025_15115
CLEANSTART-2026-AI42483
CLEANSTART-2026-DJ71086
CLEANSTART-2026-EQ51133
CLEANSTART-2026-GI40937
CLEANSTART-2026-JA70776
CLEANSTART-2026-KA40024
CLEANSTART-2026-WY43835
CLEANSTART-2026-ZC18474
CVE-2025-8714
DLA-4273-1
ECHO-FD55-A447-698B
INFSA-2025_14827
INFSA-2025_14862
INFSA-2025_14878
INFSA-2025_14899
INFSA-2025_15021
INFSA-2025_15022
INFSA-2025_15115
MGASA-2025-0230
OESA-2025-2104
OESA-2025-2137
OESA-2025-2138
OESA-2025-2139
OESA-2025-2140
OESA-2025-2141
OESA-2025-2142
OESA-2025-2143
OESA-2025-2144
OESA-2025-2239
OESA-2025-2240
OPENSUSE-SU-2025:15450-1
OPENSUSE-SU-2025:15451-1
OPENSUSE-SU-2025:15452-1
OPENSUSE-SU-2025:15453-1
OPENSUSE-SU-2025:15455-1
OPENSUSE-SU-2025:15493-1
RHSA-2025:14826
RHSA-2025:14827
RHSA-2025:14862
RHSA-2025:14869
RHSA-2025:14870
RHSA-2025:14878
RHSA-2025:14899
RHSA-2025:15006
RHSA-2025:15012
RHSA-2025:15013
RHSA-2025:15014
RHSA-2025:15015
RHSA-2025:15021
RHSA-2025:15022
RHSA-2025:15031
RHSA-2025:15034
RHSA-2025:15057
RHSA-2025:15062
RHSA-2025:15114
RHSA-2025:15115
RHSA-2025:15359
RHSA-2025:15361
RHSA-2025:16099
RHSA-2025_14827
RHSA-2025_14862
RHSA-2025_14878
RHSA-2025_14899
RHSA-2025_15021
RHSA-2025_15022
RHSA-2025_15115
SUSE-SU-2025:02842-1
SUSE-SU-2025:02980-1
SUSE-SU-2025:02981-1
SUSE-SU-2025:02986-1
SUSE-SU-2025:02987-1
SUSE-SU-2025:02994-1
SUSE-SU-2025:02995-1
SUSE-SU-2025:03003-1
SUSE-SU-2025:03004-1
SUSE-SU-2025:03005-1
SUSE-SU-2025:03005-2
SUSE-SU-2025:03018-1
SUSE-SU-2025:03018-2
SUSE-SU-2025:03019-1
SUSE-SU-2025:03019-2
SUSE-SU-2025:03020-1
SUSE-SU-2025:03030-1
SUSE-SU-2025:03031-1
SUSE-SU-2025_02980-1
SUSE-SU-2025_02981-1
SUSE-SU-2025_02986-1
SUSE-SU-2025_02987-1
SUSE-SU-2025_02994-1
SUSE-SU-2025_02995-1
SUSE-SU-2025_03003-1
SUSE-SU-2025_03004-1
SUSE-SU-2025_03005-1
SUSE-SU-2025_03005-2
SUSE-SU-2025_03018-1
SUSE-SU-2025_03018-2
SUSE-SU-2025_03019-1
SUSE-SU-2025_03019-2
SUSE-SU-2025_03020-1
SUSE-SU-2025_03030-1
SUSE-SU-2025_03031-1
USN-7741-1

Affected Products

Alt Linux
AlmaLinux
CentOS
Debian
IBM AIX
Linux Mint
PostgreSQL
Red Hat
Red Os
Rocky Linux
SUSE
Ubuntu
Zvirt Node