Ethical Hacking News
Zero-Day Vulnerability in PostgreSQL Exposed: High-Severity SQL Injection Reaching Shell Commands via psql
A zero-day SQL injection vulnerability, tracked as CVE-2025-1094, has been disclosed in the popular open-source database management system PostgreSQL. When an application uses libpq's string-escaping functions to build input for psql, PostgreSQL's interactive terminal, an attacker can break out of a string literal and run psql meta-commands, including \! which executes operating-system shell commands, potentially taking control of the host on which psql runs. The PostgreSQL project has shipped fixed releases, and organizations are urged to update psql and libpq promptly.
Summary:
* CVE-2025-1094 is an SQL injection flaw caused by improper neutralization of quoting syntax in the libpq escaping functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString() and PQescapeStringConn().
* It affects PostgreSQL releases before 17.3, 16.7, 15.11, 14.16 and 13.19.
* When the escaped output is used to build input for psql, an attacker can end a string literal early and run psql meta-commands, including \!, which executes operating-system shell commands on the client host.
* Rapid7 found the flaw while investigating exploitation of BeyondTrust CVE-2024-12356; it carries a CVSS score of 8.1, which is high rather than critical severity.
* Organizations should update psql and libpq to a fixed release and review any tooling that feeds untrusted input into psql.
Researchers at Rapid7 discovered the zero-day in PostgreSQL while investigating a chain of targeted attacks against BeyondTrust customers: in every exploit scenario they tested, the PostgreSQL flaw had to be exploited to turn the BeyondTrust bug into remote code execution.
According to the report, CVE-2025-1094 is an SQL injection issue caused by improper neutralization of quoting syntax in the libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString() and PQescapeStringConn(). The injection is reachable when an application uses the output of those functions to construct input for psql, PostgreSQL's interactive terminal; the functions are being used as documented, but their output is not safe for psql to consume.
The vulnerability impacts PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19, allowing attackers to inject SQL into any implementation that follows that usage pattern. The flaw was discovered by Stephen Fewer, Principal Security Researcher at Rapid7, who reported it to the PostgreSQL project.
The report highlights that the real impact comes from psql rather than from the database server: once an injected quote ends a string literal early, psql parses the rest of the input as further SQL and meta-commands, and the \! meta-command runs operating-system shell commands with the privileges of the user running psql, potentially giving full control of that host. This matters for any organization whose administration or data-loading scripts pipe external data into psql.
Rapid7 rated the flaw, tracked as CVE-2025-1094, as high severity. The researchers found it while investigating in-the-wild exploitation of CVE-2024-12356, a BeyondTrust vulnerability, for remote code execution.
BeyondTrust patched CVE-2024-12356 in December 2024, and that patch blocks the exploit chain as a whole, but it did not address the root cause in PostgreSQL, so CVE-2025-1094 remained a zero-day until Rapid7 reported it to the PostgreSQL project. The case shows how a vendor patch can cut off an exploit chain while leaving one of its links unfixed.
The investigation into the attacks on BeyondTrust led to the discovery of the zero-day vulnerabilities CVE-2024-12356 and CVE-2024-12686. Threat actors exploited the flaws to take over Remote Support SaaS instances, including one used by the U.S. Treasury Department.
"Rapid7 discovered that in every scenario we tested, a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution," reads the advisory published by Rapid7. "While CVE-2024-12356 was patched by BeyondTrust in December 2024, and this patch successfully blocks exploitation of both CVE-2024-12356 and CVE-2025-1094, the patch did not address the root cause of CVE-2025-1094, which remained a zero-day until Rapid7 discovered and reported it to PostgreSQL."
CVE-2025-1094 has a CVSS score of 8.1, which is high rather than critical severity. The root cause is how the libpq escaping functions handle invalid UTF-8: they trust the lead byte of a multibyte sequence to tell them how many bytes to copy, so a lone lead byte such as 0xC0 followed by a single quote is copied through as a supposed two-byte character and the quote is never doubled. psql's lexer, by contrast, matches quotes byte by byte, so it sees that quote as the end of the string literal and parses what follows as new SQL and meta-commands.
An attacker who controls the input can therefore terminate the statement and append \! followed by a shell command, which psql runs on the client host; the PostgreSQL server never has to execute the injected SQL. This could have severe consequences for organizations whose tooling feeds external data into psql.
In response to this vulnerability, the PostgreSQL project has released the following fixed versions:
* PostgreSQL 17.3
* PostgreSQL 16.7
* PostgreSQL 15.11
* PostgreSQL 14.16
* PostgreSQL 13.19
Experts are urging organizations to update without delay. Because the defect sits in libpq and psql rather than in the database server, patching the server alone is not enough: the client libraries and psql binaries on application hosts, bastion systems and CI runners must be updated too, and majors older than 13 are out of support and received no fix.
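A small version check, added here for this article (not PostgreSQL or Rapid7 code), that applies the fixed-release list above to the two forms a practitioner usually has at hand: the line printed by psql --version, and the integer PQlibVersion() returns, which drivers expose as psycopg.pq.version() or psycopg2.__libpq_version__. The treatment of majors newer than the table and of end-of-life majors is an assumption documented in the code.

```python
# Added check, written for this article (not PostgreSQL or Rapid7 code): decide
# whether a given psql or libpq build carries the CVE-2025-1094 fix. Inputs are
# either a "--version" line such as "psql (PostgreSQL) 16.6" or the integer
# form PQlibVersion() returns (170003 for 17.3), which drivers expose as
# psycopg.pq.version() or psycopg2.__libpq_version__.
import re
from typing import Optional, Tuple, Union

# First release of each major that contains the fix (PostgreSQL, 13 Feb 2025).
FIXED_MINOR = {17: 3, 16: 7, 15: 11, 14: 16, 13: 19}


def parse_version(version: Union[str, int]) -> Optional[Tuple[int, int]]:
    """(major, minor) from a version line or a PQlibVersion() integer; None when
    the line carries no dotted release number (e.g. "18devel")."""
    if isinstance(version, int):
        return version // 10000, version % 10000
    m = re.search(r"(\d+)\.(\d+)", version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_fixed(major: int, minor: int) -> bool:
    """True for a fixed minor of a supported major, and (assumption) for any
    major newer than the table, since those were released after the fix.
    Majors below 13 are end-of-life and got no fix, so they count as vulnerable."""
    if major > max(FIXED_MINOR):
        return True
    fixed = FIXED_MINOR.get(major)
    return fixed is not None and minor >= fixed


def assess(version: Union[str, int]) -> str:
    """'fixed', 'vulnerable' or 'unknown' for one psql/libpq version."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    return "fixed" if is_fixed(*parsed) else "vulnerable"
```

Run assess() over the output of psql --version on every host that pipes data into psql, and over the libpq version reported by each application's driver; an "unknown" result (a development snapshot, or a vendor build that strips the release number) should be treated as unverified rather than safe.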
Related Information:
https://securityaffairs.com/174218/hacking/postgresql-flaw-chained-with-beyondtrust-zeroday.html
Published: Fri Feb 14 05:14:20 2025 by llama3.2 3B Q4_K_M