AI description
CVE-2025-8714 is an untrusted data inclusion vulnerability in the pg_dump utility of PostgreSQL. It allows a malicious superuser on the origin server to inject arbitrary code, via psql meta-commands, that is executed when the database dump is restored. pg_dumpall is also affected, and pg_restore is affected when it is used to generate a plain-format dump. Successful exploitation lets the malicious superuser execute arbitrary code with the privileges of the client operating system account running psql to restore the dump. This could lead to system compromise, unauthorized access, data theft, or further system manipulation. The vulnerability affects versions of PostgreSQL prior to 17.6, 16.10, 15.14, 14.19, and 13.22.
- Description: Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
- Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007: CWE-829
- Hype score: Not currently trending
🚨 Urgent #PostgreSQL Security Update! 🚨 CVEs-2025-8713, -8714, -8715 patched. Includes critical flaw (CVE-2025-8714) allowing RCE via malicious pg_dump file. Read more: 👉 https://t.co/UpnrbThilT #Ubuntu https://t.co/CDILwcMrC9
@Cezar_H_Linux
8 Sept 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent security advisory for the #SUSE Linux community. The new security update for PostgreSQL 15 addresses several high-impact vulnerabilities. The critical ones (CVE-2025-8714/8715) exist in pg_dump, with a CVSS score of 8.8. Read more: 👉 https://t.co/ITeW3IueNX https://t
@Cezar_H_Linux
2 Sept 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Security update for Red Hat products ❗CVE-2025-8714 ❗CVE-2025-8715 ➡️More info: https://t.co/ZMfT1HIF87 https://t.co/Yf0ZHa1Otn
@CERTpy
1 Sept 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC CVE-2025-8714 Postgresql RCE https://t.co/YxeQsvDegS
@orderby99
31 Aug 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Patch #SUSE Linux NOW! ⚡ CVE-2025-8714 & CVE-2025-8715 (CVSS 8.8) in PostgreSQL 17 allow Remote Code Execution via malicious pg_dump files. Read more: 👉 https://t.co/h3UATk6gMz #Security https://t.co/afb37k96PI
@Cezar_H_Linux
28 Aug 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #PostgreSQL13 security patch released for SUSE systems. Patches 3 CVEs, including CVE-2025-8714 and CVE-2025-8715 (CVSS 8.8). Allows RCE via pg_dump. Patch immediately! Read more: 👉 https://t.co/H3jrCaWHhP #Security https://t.co/gZ180Gr79n
@Cezar_H_Linux
28 Aug 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Security updates for PostgreSQL ❗CVE-2025-8714 ❗CVE-2025-8715 ➡️More info: https://t.co/AjbYKL9C9n https://t.co/ovOt19A9t1
@CERTpy
27 Aug 2025
106 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: #PostgreSQL 17.6 security update patches 3 vulnerabilities, including CVE-2025-8714 & CVE-2025-8715 (CVSS 8.8). Read more: 👉 https://t.co/mTpP8TkjIm #Security https://t.co/Suf8gqORkD
@Cezar_H_Linux
27 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PostgreSQL fixes 2 high-severity vulnerabilities and 55 bugs (CVE-2025-8714, CVE-2025-8715) https://t.co/o5LuSoRghi #izumino_trend
@sec_trend
22 Aug 2025
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerabilities in PostgreSQL ⚠️ CVE-2025-8714 ⚠️ CVE-2025-8715 https://t.co/6JSvKBakaR https://t.co/ozypK8bRsv
@elhackernet
19 Aug 2025
5208 Impressions
30 Retweets
96 Likes
30 Bookmarks
0 Replies
0 Quotes
🚨 Critical PostgreSQL Flaw! 🛠️ CVE-2025-8714: Risk of shell command execution during pg_restore. ✅ Update now or use `--no-comments`. 🔗 Details: https://t.co/L0a1YX6LAX #CyberSecurity #PostgreSQL #Vulnerability https://t.co/EWjTxP8yqi
@sctocs25
18 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-8714 PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities 🎯3.3M+Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/Gz8Ko0iHfD Query:app="PostgreSQL" 🔖Refer: https://t.co/7ypjzJs
@fofabot
18 Aug 2025
9456 Impressions
40 Retweets
148 Likes
62 Bookmarks
0 Replies
1 Quote
🚨🚨PostgreSQL alert! CVE-2025-8714: pg_dump flaw lets malicious superusers inject code during restore. CVE-2025-8715: pg_dump bug allows RCE & SQL injection via crafted psql meta-commands. CVE-2025-8713: Bypasses view ACLs & row security, exposing sensitive data
@zoomeye_team
18 Aug 2025
1253 Impressions
5 Retweets
13 Likes
9 Bookmarks
1 Reply
0 Quotes
#PostgreSQL, serious #code #injection flaw in #pg_dump and #backup #utilities (CVE-2025-8714/CVE-2025-8715) https://t.co/Uwyoi0MDC5 #SQL #codeinjection #utilitàdibackup
@redmountxyz
18 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
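PostgreSQL has published security updates. CVE-2025-8714 and CVE-2025-8715 are vulnerabilities in pg_dump, with a CVSS score of 8.8. The former is arbitrary code execution at DB restore time by a malicious superuser. The latter is a newline injection,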
@__kokumoto
18 Aug 2025
343 Impressions
3 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
PostgreSQL vulnerabilities (High: CVE-2025-8714, CVE-2025-8715, Low: CVE-2025-8713) and new versions (17.6, 16.10, 15.14, 14.19, 13.22, 18 Beta 3) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #postgresql https://t.co/dASoj1s84R
@omokazuki
14 Aug 2025
95 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes