PT-2025-46823 · Unknown+8 · Postgresql+7

Published

2025-11-13

·

Updated

2026-03-30

·

CVE-2025-12817

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.1 PostgreSQL versions prior to 17.7 PostgreSQL versions prior to 16.11 PostgreSQL versions prior to 15.15 PostgreSQL versions prior to 14.20 PostgreSQL versions prior to 13.23
Description A flaw exists in the PostgreSQL CREATE STATISTICS command where insufficient authorization checks can lead to a denial of service. A table owner can negatively impact other users attempting to use CREATE STATISTICS by creating statistics in any schema. A subsequent CREATE STATISTICS operation, initiated by a user with the necessary CREATE privilege, will then fail.
Recommendations Update to PostgreSQL version 18.1 or later. Update to PostgreSQL version 17.7 or later. Update to PostgreSQL version 16.11 or later. Update to PostgreSQL version 15.15 or later. Update to PostgreSQL version 14.20 or later. Update to PostgreSQL version 13.23 or later.

Fix

DoS

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-862

Related Identifiers

ALSA-2026:0491
ALSA-2026:0492
ALSA-2026:0493
ALSA-2026:0519
ALSA-2026:0523
ALSA-2026:0524
ALT-PU-2025-14379
ALT-PU-2025-14441
ALT-PU-2025-14443
ALT-PU-2025-14444
ALT-PU-2025-14445
ALT-PU-2025-14446
ALT-PU-2025-14447
ALT-PU-2025-14642
ALT-PU-2025-14644
ALT-PU-2025-14645
ALT-PU-2025-14646
ALT-PU-2025-14647
ALT-PU-2025-14648
AZL-70169
AZL-70396
BDU:2025-14083
CVE-2025-12817
DLA-4420-1
ECHO-E69D-D943-6623
MGASA-2025-0302
OPENSUSE-SU-2025:15782-1
OPENSUSE-SU-2025:15783-1
OPENSUSE-SU-2025:15784-1
OPENSUSE-SU-2025:15785-1
OPENSUSE-SU-2025:15789-1
OPENSUSE-SU-2026:20130-1
OPENSUSE-SU-2026:20131-1
OPENSUSE-SU-2026:20265-1
OPENSUSE-SU-2026:20266-1
OPENSUSE-SU-2026:20449-1
RHSA-2025:22728
RHSA-2025:23022
RHSA-2025:23023
RHSA-2026:0262
RHSA-2026:0263
RHSA-2026:0264
RHSA-2026:0265
RHSA-2026:0266
RHSA-2026:0267
RHSA-2026:0268
RHSA-2026:0269
RHSA-2026:0270
RHSA-2026:0455
RHSA-2026:0456
RHSA-2026:0491
RHSA-2026:0492
RHSA-2026:0493
RHSA-2026:0519
RHSA-2026:0523
RHSA-2026:0524
RHSA-2026:0525
RHSA-2026:8756
SUSE-SU-2025:4325-1
SUSE-SU-2025:4334-1
SUSE-SU-2025:4363-1
SUSE-SU-2025:4364-1
SUSE-SU-2025:4370-1
SUSE-SU-2025:4371-1
SUSE-SU-2025:4372-1
SUSE-SU-2025:4386-1
SUSE-SU-2025:4387-1
SUSE-SU-2025:4388-1
SUSE-SU-2025:4406-1
SUSE-SU-2025:4484-1
SUSE-SU-2025:4485-1
SUSE-SU-2025:4486-1
SUSE-SU-2025_4334-1
SUSE-SU-2025_4363-1
SUSE-SU-2025_4364-1
SUSE-SU-2025_4370-1
SUSE-SU-2025_4371-1
SUSE-SU-2025_4372-1
SUSE-SU-2025_4386-1
SUSE-SU-2025_4387-1
SUSE-SU-2025_4388-1
SUSE-SU-2026:0197-1
SUSE-SU-2026:20193-1
SUSE-SU-2026:20194-1
SUSE-SU-2026:20587-1
SUSE-SU-2026:20588-1
SUSE-SU-2026:20986-1
USN-7908-1

Affected Products

Alt Linux
Debian
Linuxmint
Postgresql
Red Os
Rocky Linux
Suse
Ubuntu