CVE-2025-4207

Published May 8, 2025

Last updated a month ago

Overview

Description
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CWE-126

Social media

Hype score: Not currently trending
  1. 🚨 Critical #PostgreSQL update! CVE-2025-4207 (CVSS 5.9) lets attackers crash DBs via GB18030 encoding. Patch instructions for #SUSE Linux: 👇https://t.co/t4Bve56XdQ #DataSecurity https://t.co/MGX8HEnX5b

    @Cezar_H_Linux, 13 Jun 2025
    31 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 PostgreSQL 16.9 security patch is out! CVE-2025-4207 (CVSS 5.9) fixes GB18030 encoding risks. Affects SUSE Linux Enterprise 12 SP5. Patch via zypper or YaST. 🔗 Details: 👉https://t.co/3Xm6qLLyC2 #DevOps #DataSecurity https://t.co/a6jyf50iH4

    @Cezar_H_Linux, 31 May 2025
    36 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. 🚨 PostgreSQL admins: Critical 16.9 update patches CVE-2025-4207 (CVSS 5.9) affecting GB18030 encoding. Patch now via: 🔹 YaST Online Update 🔹 zypper patch 🔹 Manual package installation Details: https://t.co/GN9EiMZfqe #InfoSec #DevOp

    @Cezar_H_Linux, 31 May 2025
    31 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes

  4. 🚨 CVE-2025-4207 Alert: PostgreSQL 17.5 update fixes critical GB18030 encoding flaw. SUSE Linux admins—patch NOW to prevent memory breaches! Read more: 👉 https://t.co/Sadb0LSoC1 #DevOps #InfoSec #Linux https://t.co/h4ZQqdIbDz

    @Cezar_H_Linux, 31 May 2025
    34 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. 🚀 Patch Alert! 🚀 #PostgreSQL 14.18 fixes CVE-2025-4207 (CVSS 5.9) on #SUSE 15 SP7. Don’t let GB18030 encoding flaws crash your DB! 📌 Update via: zypper in -t patch [code] Read more: 👉https://t.co/quJ9fxKXse https://t.co/j8uF1rhg4A

    @Cezar_H_Linux, 26 May 2025
    29 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. CVE-2025-4207 Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read… https://t.co/WWeK5nUuyw

    @CVEnew, 8 May 2025
    341 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes