AI description
CVE-2025-1094 is an SQL injection vulnerability found in PostgreSQL's interactive tool, `psql`, and the `libpq` functions. The vulnerability allows attackers to inject malicious SQL code due to improper handling of escaped characters, specifically invalid UTF-8 characters within the PostgreSQL string escaping routines. This can lead to arbitrary code execution by leveraging `psql`'s ability to run meta-commands, potentially granting attackers control over the underlying operating system. This vulnerability affects PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. It was discovered by Rapid7 during their research into CVE-2024-12356, a remote code execution vulnerability in BeyondTrust products. Exploitation of CVE-2024-12356 reportedly required the exploitation of CVE-2025-1094. PostgreSQL users are advised to update to the latest versions to mitigate this vulnerability. The functions affected in the `libpq` library include `PQescapeLiteral()`, `PQescapeIdentifier()`, `PQescapeString()`, and `PQescapeStringConn()`.
- Description
- Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
- Source
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- CWE-149
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
RCE SQL Injection in PostgreSQL (CVE-2025-1094): a security risk created by using the lo_export and pg_read_file functions. Current versions: 17.3, 16.7, 15.11, 14.16, 13.19
@mkt_turk
1 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[One line a day] CVE-2025-1094: RCE due to an SQL injection vulnerability in PostgreSQL 14.15 - hackyboiz https://t.co/1Bd3VWg4cr
@akaclandestine
1 May 2025
770 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-1094 RCE SQL Injection in PostgreSQL 14.15 https://t.co/JNjskPq76p
@electrocode
30 Apr 2025
1211 Impressions
0 Retweets
35 Likes
10 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-1094: RCE due to SQL Injection in PostgreSQL 14.15 CVE-2025-1094 is a SQL injection vulnerability found in PostgreSQL 14.15, which is associated with BeyondTrust products and allows remote code execution. https://t.co/PYwfpbh7bS
@hackyboiz
30 Apr 2025
2779 Impressions
8 Retweets
43 Likes
19 Bookmarks
1 Reply
0 Quotes
CVE-2025-1094 - PostgreSQL SQL injection vulnerability https://t.co/0gvFE1cOEE https://t.co/oYvJlI4Gix
@SirajD_Official
13 Apr 2025
18 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
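An SQL injection vulnerability (CVE-2025-1094) has been found in PostgreSQL's psql, and attackers may be able to execute arbitrary OS commands. Versions before 17.3, 16.7, 15.11, 14.16, and 13.19 are affected; fixed versions have been released, so updating promptly is recommended https://t.co/gm0Z20kEBa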
@01ra66it
20 Mar 2025
803 Impressions
2 Retweets
17 Likes
8 Bookmarks
0 Replies
0 Quotes
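It has come to light that a PostgreSQL SQL injection vulnerability (CVE-2025-1094) stayed hidden for more than 9 years and was abused in the intrusion into the US Treasury Department. Caused by flawed UTF-8 handling in psql, it was combined with a zero-day (CVE-2024-12356) for a successful attack. It was fixed in February 2025, but because advanced skill is required, widespread exploitation is probably limited.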
@atkmywk
18 Mar 2025
162 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
CVE-2025-1094: PostgreSQL SQL Injection Vulnerability - ARMO https://t.co/fH3xM1tHjP
@tbbhunter
11 Mar 2025
1412 Impressions
4 Retweets
29 Likes
17 Bookmarks
0 Replies
0 Quotes
GitHub - soltanali0/CVE-2025-1094-Exploit: WebSocket and SQL Injection Exploit Script https://t.co/1FzpGr46ZK
@akaclandestine
9 Mar 2025
2121 Impressions
7 Retweets
38 Likes
17 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1094
@transilienceai
8 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-1094 affects PostgreSQL, an open-source relational database management system. https://t.co/ZUswmaJdKL #alertasdeciberseguridad #ataquesciberneticos #BarracudaNetworks #ciberseguridad
@Cobra_Networks
7 Mar 2025
6 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 New GO-TO CVE Alert! 🚨 We found a #SQLInjection in #PostgreSQL (CVE-2025-1094) that escalated to #RCE via WebSocket hijacking! 💥 🔍 Exploit: SQLi → Unsafe functions → Reverse Shell Stay secure! 🔒 #SQLi #RCE #WebSecurity https://t.co/vR9ucyN762
@soltanali0
27 Feb 2025
666 Impressions
0 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
🔒 SQL Injection vulnerability in PostgreSQL - CVE-2025-1094 Recently discovered, CVE-2025-1094 affects PostgreSQL, allowing an attacker to perform SQL injections through the functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString() and PQescapeStringConn(). https://t.co
@DNSC_RO
27 Feb 2025
97 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
⚠️ Vulnerability Alert: PostgreSQL Vulnerability 📅 Timeline: Disclosure: 2025-02-12, Patch: 2025-02-13 📌 Attribution: Stephen Fewer (Rapid7) 🆔cveId: CVE-2025-1094 📊baseScore: 8.1 📏cvssMetrics: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity:
@syedaquib77
27 Feb 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📡 Strategic Insight: PostgreSQL Vulnerability 📅 Context: Addressing improper neutralization vulnerability in PostgreSQL (CVE-2025-1094). 📌 Key Takeaways: - Users are advised to update to corrected versions of PostgreSQL. 📝 Summary: A vulnerability in PostgreSQL required a…
@syedaquib77
27 Feb 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🟡 PostgreSQL zero-day (CVE-2025-1094) exploited in BeyondTrust breach, linked to Chinese state-backed hackers targeting U.S. Treasury systems. Patch released, but full mitigation requires deeper fixes. 🔗 Read more: https://t.co/Xe7A5MDtz8 #CyberSecurity #ZeroDay #PostgreSQL
@Osec__
26 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1094
@transilienceai
25 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📡 Strategic Insight: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) 📅 Context: Chinese state-sponsored hackers breached US Treasury workstations in December 2024 using two zero-day vulnerabilities. 📌 Key Takeaways: - The attack demonstrates the…
@syedaquib77
23 Feb 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security alert for PostgreSQL users 1/3 🔴 According to ArvanCloud public relations, the vulnerability CVE-2025-1094 has been identified in PostgreSQL, through which attackers can access your data via SQL injection and even execute operating system commands!
@filterbaan
20 Feb 2025
430 Impressions
2 Retweets
9 Likes
0 Bookmarks
2 Replies
0 Quotes
⚠️ Vulnerability Alert: PostgreSQL Improper Quoting Vulnerability 📅 Timeline: Disclosure: 2025-01-27, Patch: 2025-02-13 📌 Attribution: Stephen Fewer, Principal Security Researcher, Rapid7 🆔cveId: CVE-2025-1094 📊baseScore: 8.1 📏cvssMetrics:… https://t.co/w7QIeYn41g
@syedaquib77
19 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094 (CVSS:8.1, HIGH) is Awaiting Analysis. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescap..https://t.co/1mEUY8Fznc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero-day vulnerability in PostgreSQL (CVE-2025-1094) allows SQL injection; exploited together with a flaw in BeyondTrust (CVE-2024-12356), affecting the US Department of the Treasury. Updating to versions 17.3, 16.7, 15.11, 14.16 and 13.19 is recommended. https://t.co/qIr3RGmOec
@twuai_
18 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
High-severity vulnerability in PostgreSQL's psql (CVE-2025-1094) #セキュリティ対策Lab #セキュリティ https://t.co/HonnZd7Jk3
@securityLab_jp
18 Feb 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094 is a critical SQL injection vulnerability discovered by Rapid7 during the CVE-2024-12356 investigation. It allows attackers to execute arbitrary code via PostgreSQL's interactive tool due to improperly escaped input, with a Metasploit exploit module available.
@GrimmAnalyst
18 Feb 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Ready for Metasploit: CVE-2025-1094 SQLi in PostgreSQL exposes systems to remote attacks https://t.co/EWX0GVixVc
@OmarBeltran1098
17 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 High-severity SQL injection vulnerability (CVE-2025-1094) found in PostgreSQL's psql can lead to arbitrary code execution. Affected versions must be updated! 🛡️ #PostgreSQL #SQLInjection #USA link: https://t.co/jFKACRM2if https://t.co/UaPWYMtalM
@TweetThreatNews
17 Feb 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) https://t.co/quzjOVtySp https://t.co/jXUwgd87ZR
@secharvesterx
17 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-1094: #PostgreSQL psql SQL Injection https://t.co/NTGhKrxsmz
@UndercodeUpdate
17 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1094
@transilienceai
17 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-1094: PostgreSQL psql SQL injection 🔥PoC:https://t.co/9AV8wm2gRm 🧐Deep Dive :https://t.co/1vt35zgdvI ✅Join Telegram- https://t.co/V3wk76X9Vu 👇Dorks: HUNTER : protocol="postgresql" FOFA : product="PostgreSQL" SHODAN : "port:5432 PostgreSQL"… https://t.co/ZFdbCzah
@wtf_brut
17 Feb 2025
1499 Impressions
3 Retweets
27 Likes
15 Bookmarks
2 Replies
0 Quotes
🚨Alert🚨 CVE-2025-1094: PostgreSQL psql SQL injection 🔥PoC:https://t.co/4I1MuN1xLB 🧐Deep Dive :https://t.co/AcNvV6fE9j 📊 956K+Services are found on the https://t.co/0ggQCk2jvE yearly.
@yunus_huse17549
17 Feb 2025
5 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE Alert: PostgreSQL Improper Input Validation Zero-day Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-1094 (CVSS 8.1/10) PostgreSQL Improper Input Validation Vulnerability Impact: A successful exploit may allow a remote attacker to execute arbitrary
@CyberxtronTech
17 Feb 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian hackers are exploiting Microsoft device code authentication in targeted attacks on M365 accounts. Meanwhile, Metasploit now supports CVE-2025-1094, a PostgreSQL SQL injection flaw that exposes systems to remote attacks. 🔗 https://t.co/aTqBBFlR6I #CyberSecurity #Infosec
@adriananglin
17 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Metasploit module for the SQL injection vulnerability CVE-2025-1094 in PostgreSQL's psql tool has been released. Arbitrary commands can be executed by using the "!" metacharacter. https://t.co/rAFvXpVMlF
@__kokumoto
17 Feb 2025
1291 Impressions
3 Retweets
19 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-1094: PostgreSQL psql SQL injection 🔥PoC:https://t.co/gyeczN1OSE 🧐Deep Dive :https://t.co/t4df4L1hgi 📊 956K+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/CoQjRRzFYu 👇Query HUNTER : protocol="postgresql" FOFA :… https:
@HunterMapping
17 Feb 2025
7020 Impressions
51 Retweets
158 Likes
81 Bookmarks
1 Reply
0 Quotes
Metasploit-Ready: CVE-2025-1094 SQLi in #PostgreSQL Exposes Systems to Remote Attacks Explore CVE-2025-1094, a high-severity SQL injection vulnerability in PostgreSQL's psql tool that can execute arbitrary code https://t.co/LU0RNsJv6r
@the_yellow_fall
17 Feb 2025
405 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-1094: PostgreSQL Quoting APIs Miss Neutralizing Quoting Syntax in Text That Fails Encoding Validation ⚠️This flaw allows attackers to inject malicious data into some of the REST API endpoints’ query parameters. ZoomEye Dork👉app="PostgreSQL DB" 3.6m+ results are… ht
@zoomeye_team
16 Feb 2025
1104 Impressions
8 Retweets
16 Likes
10 Bookmarks
0 Replies
0 Quotes
SQLi vulnerability in PostgreSQL. In this post we examined the CVE-2025-1094 vulnerability in PostgreSQL and its connection to the hack of #BeyondTrust and several US organizations and agencies. https://t.co/w7IcIsaDPM #آسیب_پذیری_امنیتی #بازیگران_تهدید #PostgreSQL #CVE #APT #SaltTyphoon #sqlinjection
@onhexgroup
16 Feb 2025
55 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical vulnerability in PostgreSQL with SQL injection ⚠️ CVE-2025-1094 https://t.co/ZfYhyEkemF https://t.co/8pXmmP6rh8
@elhackernet
15 Feb 2025
8800 Impressions
58 Retweets
170 Likes
48 Bookmarks
1 Reply
0 Quotes
🚨 A significant breach at BeyondTrust exploited critical PostgreSQL vulnerabilities (CVE-2024-12356, CVE-2025-1094), compromising U.S. Treasury systems. Linked to Chinese state-backed hackers. ⚠️ #China #BeyondTrust #APIvulnerability link: https://t.co/qOW8jUtxDn https://t.co/A
@TweetThreatNews
15 Feb 2025
49 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
The CVE-2025-1094 vulnerability in PostgreSQL has been exploited! #Cyber_Security_News #اخبار_امنیت_سایبری #PostgreSQL #CVE_2024_12356 #CVE_2025_1094 https://t.co/lcqTSoLMkm
@vulnerbyte
15 Feb 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094 impacts PostgreSQL with SQL injection #PostgreSQL #CVE-2025-1094 https://t.co/KqrWnycBKW
@pravin_karthik
15 Feb 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PostgreSQL & BeyondTrust Zero-Day Exploited in Targeted Attacks! Hackers abused a PostgreSQL flaw (CVE-2025-1094, CVSS 8.1) & a BeyondTrust zero-day for unauth RCE. ⚠️ PostgreSQL patched it—update now! CISA mandates fixes for SimpleHelp CVE-2024-57727 by March 6.… https
@dCypherIO
14 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The new CVE-2025-1094 vulnerability in PostgreSQL revealed! With a CVSS of 8.1, it allows SQL injections that can even reach the OS shell! 🐍💻 Are you using safe versions? Check whether your installation has been updated to avoid surprises. #IncursioHack
@IncursioHack
14 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🔒 Urgent Security Update: A new SQL injection flaw in PostgreSQL (CVE-2025-1094) has been exploited alongside a BeyondTrust zero-day 🛡️💻 Read our advice: https://t.co/32LYpZP572 or try https://t.co/4KsrhURxeA today and register for free #CyberSecurity #PostgreSQL #InfoSec
@BaseFortify
14 Feb 2025
38 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094: Improper Neutralization of Quoting Syntax in PostgreSQL functions, 8.1 rating❗️ A vulnerability in some functions of the libpq library allows SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/pQY8hOIqew #cybersecurity #vulnerability_map htt
@Netlas_io
14 Feb 2025
39 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094: SQL injection vulnerability in PostgreSQL psql fixed. IT security, CVE-2025-1094, cybersecurity, database, exploit, PostgreSQL, PostgreSQL security update, psql, Rapid7, sql, SQL injection, vulnerability https://t.co/IBa7qiND6C https://t.co/aHIJx
@matricedigitale
14 Feb 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent findings reveal a PostgreSQL vulnerability (CVE-2025-1094) exploited alongside a BeyondTrust zero-day. Updates are critical for security. ⚠️ #PostgreSQL #BeyondTrust #USA link: https://t.co/199MhDDOCk https://t.co/Zrh61EJGaV
@TweetThreatNews
14 Feb 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 A newly discovered SQL injection flaw (CVE-2025-1094) in PostgreSQL can lead to arbitrary code execution, exploiting the psql tool’s meta-commands. This vulnerability links to another zero-day exploit in BeyondTrust products, revealing a serious interconnected risk. 🛡️
@eilonh1
14 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability Alert: PostgreSQL Zero-Day Vulnerability 📅 Timeline: Disclosure: 2025-01-29, Patch: 2025-02-13 📌 Attribution: Rapid7 📝 Detailed Summary: CVE-2025-1094 is a high-severity SQL injection vulnerability affecting PostgreSQL's psql tool. It arises due to incorrect
@syedaquib77
14 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes