AI description
CVE-2025-8714 is an untrusted data inclusion vulnerability found in the pg_dump utility of PostgreSQL. It allows a malicious superuser on the origin server to inject arbitrary code that can be executed during the restoration of a database dump. This vulnerability affects pg_dump, pg_dumpall, and pg_restore when generating plain-format dumps. Successful exploitation could allow the malicious superuser to execute arbitrary code with the privileges of the client operating system account running psql during the dump restoration process. This could lead to system compromise, unauthorized access, data theft, or further system manipulation. The vulnerability affects versions of PostgreSQL prior to 17.6, 16.10, 15.14, 14.19, and 13.22.
- Description: Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
- Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- NVD status: Awaiting Analysis
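
A pre-restore triage check for the restore-time risk described above, as an added example (not code from the advisory or the PostgreSQL project): it lists the lines of a plain-format dump where psql could encounter a meta-command. The function name `scan_dump` and the allowlist of commands that pg_dump emits itself are assumptions. It is a line heuristic rather than a SQL parser, so backslashes inside string literals or function bodies are reported for review as well.

```python
import re

# Assumption: meta-commands pg_dump/pg_dumpall emit on their own
# (\connect with -C or pg_dumpall; \restrict/\unrestrict in fixed releases).
EXPECTED = {"connect", "restrict", "unrestrict"}
COPY_START = re.compile(r"^COPY\s.*\sFROM\s+stdin;\s*$", re.IGNORECASE)
META = re.compile(r"^\s*\\(\S*)")

def scan_dump(dump_text):
    """Return (line_no, kind, line) for every line a reviewer should inspect.

    kind is "meta-command" for an unexpected line-leading psql command and
    "backslash" for any other backslash outside COPY data, since psql also
    honours meta-commands that appear later in a line.
    """
    findings = []
    in_copy = False
    for no, line in enumerate(re.split(r"\r\n|\r|\n", dump_text), 1):
        if in_copy:
            # COPY rows legitimately carry escapes such as \N; only the
            # terminator line "\." ends the data block.
            in_copy = line != "\\."
            continue
        if COPY_START.match(line):
            in_copy = True
            continue
        m = META.match(line)
        if m and m.group(1) not in EXPECTED:
            findings.append((no, "meta-command", line))
        elif line.count("\\") > (1 if m else 0):
            findings.append((no, "backslash", line))
    return findings

# Constructed sample, not taken from a real dump. The injected commands are
# harmless placeholders.
SAMPLE = "\n".join([
    "\\restrict PLACEHOLDERTOKEN",
    "\\connect appdb",
    "CREATE TABLE public.t (id integer, note text);",
    "\\placeholder_injected_command",
    "COPY public.t (id, note) FROM stdin;",
    "1\t\\N",
    "\\N\tstarts with an escape",
    "\\.",
    "COMMENT ON TABLE public.t IS 'x'; \\placeholder_inline",
    "\\unrestrict PLACEHOLDERTOKEN",
])
```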
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- CWE-829
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 26
🚨 Critical vulnerabilities in PostgreSQL ⚠️ CVE-2025-8714 ⚠️ CVE-2025-8715 https://t.co/6JSvKBakaR https://t.co/ozypK8bRsv
@elhackernet
19 Aug 2025
2947 Impressions
16 Retweets
41 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 Critical PostgreSQL Flaw! 🛠️ CVE-2025-8714: Risk of shell command execution during pg_restore. ✅ Update now or use `--no-comments`. 🔗 Details: https://t.co/L0a1YX6LAX #CyberSecurity #PostgreSQL #Vulnerability https://t.co/EWjTxP8yqi
@sctocs25
18 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-8714 PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities 🎯3.3M+Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/Gz8Ko0iHfD Query:app="PostgreSQL" 🔖Refer: https://t.co/7ypjzJs
@fofabot
18 Aug 2025
9456 Impressions
40 Retweets
148 Likes
62 Bookmarks
0 Replies
1 Quote
🚨🚨PostgreSQL alert! CVE-2025-8714: pg_dump flaw lets malicious superusers inject code during restore. CVE-2025-8715: pg_dump bug allows RCE & SQL injection via crafted psql meta-commands. CVE-2025-8713: Bypasses view ACLs & row security, exposing sensitive data
@zoomeye_team
18 Aug 2025
1253 Impressions
5 Retweets
13 Likes
9 Bookmarks
1 Reply
0 Quotes
#PostgreSQL, serious #code #injection flaw in #pg_dump and #backup #utilities (CVE-2025-8714/CVE-2025-8715) https://t.co/Uwyoi0MDC5 #SQL #codeinjection #utilitàdibackup
@redmountxyz
18 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
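PostgreSQL has released security updates. CVE-2025-8714 and CVE-2025-8715 are vulnerabilities in pg_dump, with a CVSS score of 8.8. The former is arbitrary code execution at DB restore time by a malicious superuser. The latter is a newline injection, …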
@__kokumoto
18 Aug 2025
343 Impressions
3 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
PostgreSQL vulnerabilities (High: CVE-2025-8714, CVE-2025-8715, Low: CVE-2025-8713) and new versions (17.6, 16.10, 15.14, 14.19, 13.22, 18 Beta 3) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #postgresql https://t.co/dASoj1s84R
@omokazuki
14 Aug 2025
95 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes