Vulnerability details: VCID-3342-7zd2-aaac
Vulnerability ID VCID-3342-7zd2-aaac
Aliases CVE-2022-2625
Summary A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
Status Published
Exploitability 0.5
Weighted Severity 7.2
Risk 3.6
System Score Found at
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2625.json
epss 0.00231 https://api.first.org/data/v1/epss?cve=CVE-2022-2625
epss 0.00705 https://api.first.org/data/v1/epss?cve=CVE-2022-2625
epss 0.00822 https://api.first.org/data/v1/epss?cve=CVE-2022-2625
epss 0.00845 https://api.first.org/data/v1/epss?cve=CVE-2022-2625
epss 0.00893 https://api.first.org/data/v1/epss?cve=CVE-2022-2625
epss 0.01448 https://api.first.org/data/v1/epss?cve=CVE-2022-2625
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2113825
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.0 https://nvd.nist.gov/vuln/detail/CVE-2022-2625
cvssv3.1 8.0 https://nvd.nist.gov/vuln/detail/CVE-2022-2625
cvssv3 7.1 https://www.postgresql.org/support/security/CVE-2022-2625/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2625.json
https://access.redhat.com/security/cve/CVE-2022-2625
https://api.first.org/data/v1/epss?cve=CVE-2022-2625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2625
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202211-04
https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/
https://www.postgresql.org/support/security/CVE-2022-2625/
2113825 https://bugzilla.redhat.com/show_bug.cgi?id=2113825
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:15:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:15:beta1:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:15:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:15:beta2:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2022-2625 https://nvd.nist.gov/vuln/detail/CVE-2022-2625
RHSA-2022:7128 https://access.redhat.com/errata/RHSA-2022:7128
RHSA-2023:0113 https://access.redhat.com/errata/RHSA-2023:0113
RHSA-2023:0160 https://access.redhat.com/errata/RHSA-2023:0160
RHSA-2023:1576 https://access.redhat.com/errata/RHSA-2023:1576
RHSA-2023:1693 https://access.redhat.com/errata/RHSA-2023:1693
USN-5571-1 https://usn.ubuntu.com/5571-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2625.json
Attack Vector (AV) network
Attack Complexity (AC) high
Privileges Required (PR) low
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) network
Attack Complexity (AC) high
Privileges Required (PR) low
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2625
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) low
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high


Exploit Prediction Scoring System (EPSS)
Percentile 0.61651
EPSS Score 0.00231
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.