PT-2025-33269

Noah Misch · Published 2025-08-13 · Updated 2026-04-02 · CVE-2025-8715

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
PostgreSQL versions prior to 17.6
PostgreSQL versions prior to 16.10
PostgreSQL versions prior to 15.14
PostgreSQL versions prior to 14.19
PostgreSQL versions prior to 13.22

Description: Improper neutralization of newlines in pg_dump allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected.

Recommendations:
Update to PostgreSQL version 17.6 or later.
Update to PostgreSQL version 16.10 or later.
Update to PostgreSQL version 15.14 or later.
Update to PostgreSQL version 14.19 or later.
Update to PostgreSQL version 13.22 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

ALSA-2025:14826
ALSA-2025:14827
ALSA-2025:14862
ALSA-2025:14878
ALSA-2025:14899
ALSA-2025:15021
ALSA-2025:15022
ALSA-2025:15115
ALT-PU-2025-10456
ALT-PU-2025-10476
ALT-PU-2025-10478
ALT-PU-2025-10479
ALT-PU-2025-10480
ALT-PU-2025-10481
ALT-PU-2025-10482
ALT-PU-2025-10926
ALT-PU-2025-10928
ALT-PU-2025-10929
ALT-PU-2025-10930
ALT-PU-2025-10931
ALT-PU-2025-10932
AZL-66306
AZL-66327
BDU:2025-09830
BIT-POSTGRESQL-2025-8715
CESA-2025_14899
CESA-2025_15021
CESA-2025_15022
CESA-2025_15115
CLEANSTART-2026-AI42483
CLEANSTART-2026-DJ71086
CLEANSTART-2026-EQ51133
CLEANSTART-2026-GI40937
CLEANSTART-2026-JA70776
CLEANSTART-2026-KA40024
CLEANSTART-2026-WY43835
CLEANSTART-2026-ZC18474
CVE-2025-8715
DLA-4273-1
ECHO-B8E7-D561-1EB4
INFSA-2025_14827
INFSA-2025_14862
INFSA-2025_14878
INFSA-2025_14899
INFSA-2025_15021
INFSA-2025_15022
INFSA-2025_15115
MGASA-2025-0230
OESA-2025-2104
OESA-2025-2137
OESA-2025-2138
OESA-2025-2139
OESA-2025-2140
OESA-2025-2141
OESA-2025-2142
OESA-2025-2143
OESA-2025-2144
OESA-2025-2239
OESA-2025-2240
OPENSUSE-SU-2025:15450-1
OPENSUSE-SU-2025:15451-1
OPENSUSE-SU-2025:15452-1
OPENSUSE-SU-2025:15453-1
OPENSUSE-SU-2025:15455-1
RHSA-2025_14827
RHSA-2025_14862
RHSA-2025_14878
RHSA-2025_14899
RHSA-2025_15021
RHSA-2025_15022
RHSA-2025_15115
SUSE-SU-2025:02842-1
SUSE-SU-2025:02980-1
SUSE-SU-2025:02981-1
SUSE-SU-2025:02986-1
SUSE-SU-2025:02987-1
SUSE-SU-2025:02994-1
SUSE-SU-2025:02995-1
SUSE-SU-2025:03003-1
SUSE-SU-2025:03004-1
SUSE-SU-2025:03005-1
SUSE-SU-2025:03005-2
SUSE-SU-2025:03018-1
SUSE-SU-2025:03018-2
SUSE-SU-2025:03019-1
SUSE-SU-2025:03019-2
SUSE-SU-2025:03020-1
SUSE-SU-2025:03030-1
SUSE-SU-2025:03031-1
SUSE-SU-2025_02980-1
SUSE-SU-2025_02981-1
SUSE-SU-2025_02986-1
SUSE-SU-2025_02987-1
SUSE-SU-2025_02994-1
SUSE-SU-2025_02995-1
SUSE-SU-2025_03003-1
SUSE-SU-2025_03004-1
SUSE-SU-2025_03005-1
SUSE-SU-2025_03005-2
SUSE-SU-2025_03018-1
SUSE-SU-2025_03018-2
SUSE-SU-2025_03019-1
SUSE-SU-2025_03019-2
SUSE-SU-2025_03020-1
SUSE-SU-2025_03030-1
SUSE-SU-2025_03031-1
USN-7741-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Ibm Aix
Linuxmint
Postgresql
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Zvirt Node
Pgpdump
Pg Dumpall
Pg Restore
Pg Upgrade
Psql