Have you upgraded to the latest minor release of #PostgreSQL yet?
> Threat actors combined a BeyondTrust zero-day (CVE-2024-12356) with a new PostgreSQL vulnerability (CVE-2025-1094).
CVE-2025-1094 allows for SQL injection and shell command execution through PostgreSQL’s psql interactive tool.
> Successful exploitation leads to arbitrary code execution. Affected PostgreSQL versions: 13–17 (fixed in latest patches).
Read more on HackerNews: https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html
#tech #zeroday #postgres
Data Bene /
npub1ae…tvvjn
2025-02-15 17:52:53
Author Public Key
npub1ae96esz5j8es4nk06qdrusgwq80l2vm3t8x0vlkf05nlka8dw9vqwtvvjnPublished at
2025-02-15 17:52:53Event JSON
{
"id": "1462d40206a9119763cbf0fad692b5bf56a62ce639aeffa2e9722d6ef2bae22d",
"pubkey": "ee4bacc05491f30acecfd01a3e410e01dff5337159ccf67ec97d27fb74ed7158",
"created_at": 1739641973,
"kind": 1,
"tags": [
[
"t",
"postgresql"
],
[
"t",
"tech"
],
[
"t",
"zeroday"
],
[
"t",
"postgres"
],
[
"proxy",
"https://fosstodon.org/users/data_bene/statuses/114009176351752744",
"activitypub"
]
],
"content": "Have you upgraded to the latest minor release of #PostgreSQL yet?\n\n\u003e Threat actors combined a BeyondTrust zero-day (CVE-2024-12356) with a new PostgreSQL vulnerability (CVE-2025-1094).\nCVE-2025-1094 allows for SQL injection and shell command execution through PostgreSQL’s psql interactive tool.\n\n\u003e Successful exploitation leads to arbitrary code execution. Affected PostgreSQL versions: 13–17 (fixed in latest patches).\n\nRead more on HackerNews: https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html\n\n#tech #zeroday #postgres",
"sig": "edfb061a85a0f3c4a921a3b8c9f1e65860bfa3a48bb38a0fda7f2b83558a722cc49497d0ccf0b9c56aff4bb1cae3e375d942b1affd6b9ef833a00953eb275de5"
}