PostgreSQL Fixes Data Leakage and Remote Code Execution Risks

On August 14, 2025, PostgreSQL released emergency security patches for three vulnerabilities (CVE-2025-8713, CVE-2025-8714, and CVE-2025-8715) affecting versions 13 through 17. The most severe flaws enable code injection during restoration of database backups, potentially leading to arbitrary OS-level code execution and data exposure.

Severity Level: High

Vulnerability Details

  1. CVE-2025-8713 – Optimizer Statistics Data Leakage
    • CVSS Score: 3.1
    • Description: PostgreSQL’s optimizer statistics allowed users to access sampled data from views or partitions where access should have been restricted.
    • Root Cause: Incomplete fixes from earlier vulnerabilities (CVE-2017-7484, CVE-2019-10130) left a gap in statistics handling.
    • Exploitation: Attackers could craft a leaky operator to bypass ACLs and row-level security policies, exposing histograms and most-common-values lists.
    • Affected Versions: PostgreSQL 13–17 (before 13.22, 14.19, 15.14, 16.10, 17.6).

  2. CVE-2025-8714 – pg_dump Arbitrary Code Execution via Untrusted Data
    • CVSS Score: 8.8
    • Description: pg_dump and pg_restore could be manipulated to execute arbitrary OS-level code during restore operations.
    • Root Cause: Failure to sanitize psql meta-commands embedded in dumps from malicious origin servers.
    • Exploitation: A malicious PostgreSQL superuser on the source system could inject commands that execute during restore, compromising the client machine.
    • Affected Versions: PostgreSQL 13–17 (before 13.22, 14.19, 15.14, 16.10, 17.6).

  3. CVE-2025-8715 – Newline Injection in pg_dump Object Names
    • CVSS Score: 8.8
    • Description: Improper neutralization of newlines in object names within pg_dump enabled arbitrary code execution and SQL injection on restore servers.
    • Root Cause: A regression reintroduced an older class of vulnerability (CVE-2012-0868 had addressed it, but code introduced in version 11.20 reopened it).
    • Exploitation: Attackers could craft specially named objects that, when dumped and restored, execute arbitrary OS commands or SQL as a superuser.
    • Affected Versions: PostgreSQL 13–17 (before 13.22, 14.19, 15.14, 16.10, 17.6).
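
Before restoring a plain-format dump taken from a server you do not fully trust, the two injection patterns above can be screened for with a simple pre-restore scan. The following is an added example written for this advisory, not code from the PostgreSQL project; it assumes `\connect` is the only meta-command a clean dump emits (adjust the allow-list for your pg_dump version) and runs over a constructed sample dump.

```python
import re

# Assumption for this example: the only psql meta-command a clean plain-format
# pg_dump writes is \connect (emitted with -C); extend for your version.
ALLOWED_META = {"\\connect"}
META_RE = re.compile(r"^\s*(\\[A-Za-z!?]+)")         # psql meta-command at line start
COPY_START_RE = re.compile(r"^COPY .* FROM stdin;$")  # start of a COPY data block


def scan_plain_dump(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, reason, line) for lines a restore should not contain.
    Two heuristics: a psql meta-command outside ALLOWED_META, which psql would
    execute client-side on restore (CVE-2025-8714 pattern); and an odd number of
    double quotes, i.e. a quoted identifier that never closes, which is how an
    object name containing a newline looks once dumped (CVE-2025-8715 pattern).
    """
    findings = []
    in_copy = False
    for no, line in enumerate(text.splitlines(), start=1):
        if in_copy:
            # COPY rows escape control characters as \n, \t, ... which would look
            # like meta-commands, so skip data until the \. terminator.
            if line == "\\.":
                in_copy = False
            continue
        if COPY_START_RE.match(line):
            in_copy = True
            continue
        m = META_RE.match(line)
        if m and m.group(1) not in ALLOWED_META:
            findings.append((no, "psql meta-command", line))
            continue
        if line.count('"') % 2 == 1:
            findings.append((no, "unbalanced double quote", line))
    return findings


# Constructed sample, not real pg_dump output: one clean table with data, then
# an object whose name embeds a newline followed by an injected meta-command.
SAMPLE_DUMP = """\
-- PostgreSQL database dump (constructed sample)
SET client_encoding = 'UTF8';
\\connect postgres
CREATE TABLE public.accounts (id integer NOT NULL, name text);
COPY public.accounts (id, name) FROM stdin;
1\tsample \\n user
\\.
CREATE TABLE public."orders
\\! placeholder-command
" (id integer);
"""
```

The scan is a heuristic (a string literal containing a lone double quote will also be flagged); treat any finding as a reason to inspect the dump, not as proof of compromise.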

Recommendations

  1. Immediately upgrade to PostgreSQL 17.6, 16.10, 15.14, 14.19, or 13.22 (depending on deployment).
  2. For environments on PostgreSQL 13, plan migration before its EOL on November 13, 2025, to remain supported.
  3. Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.
  4. Ensure BRIN indexes using numeric_minmax_multi_ops are reindexed after the upgrade.
  5. Restrict superuser roles strictly to trusted administrators to reduce risk of malicious pg_dump abuse.
  6. Enforce least privilege principles for all database roles.
  7. Regularly audit role assignments and remove unused superuser accounts.

Source:

  • https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
