PT-2025-39636 · Unknown · Postgresql
Published: 2025-09-11 · Updated: 2025-09-27
CVE-2025-11060
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
versions prior to 2.3
Description
A flaw exists in the live query subscription mechanism of the database engine. This allows record or guest users to observe unauthorized records within the same table, bypassing access controls. This is achieved through crafted LIVE SELECT subscriptions when other users alter or delete records.
Recommendations
Update to version 2.3 or later.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Postgresql