Vulnerability details: VCID-fck5-tfaf-5kbx
Vulnerability ID VCID-fck5-tfaf-5kbx
Aliases CVE-2025-12817
Summary PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Weaknesses (1)
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12817.json
https://api.first.org/data/v1/epss?cve=CVE-2025-12817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
https://www.postgresql.org/support/security/CVE-2025-12817/
2414825 https://bugzilla.redhat.com/show_bug.cgi?id=2414825
RHSA-2025:22728 https://access.redhat.com/errata/RHSA-2025:22728
RHSA-2025:23022 https://access.redhat.com/errata/RHSA-2025:23022
RHSA-2025:23023 https://access.redhat.com/errata/RHSA-2025:23023
RHSA-2026:0262 https://access.redhat.com/errata/RHSA-2026:0262
RHSA-2026:0263 https://access.redhat.com/errata/RHSA-2026:0263
RHSA-2026:0264 https://access.redhat.com/errata/RHSA-2026:0264
RHSA-2026:0265 https://access.redhat.com/errata/RHSA-2026:0265
RHSA-2026:0266 https://access.redhat.com/errata/RHSA-2026:0266
RHSA-2026:0267 https://access.redhat.com/errata/RHSA-2026:0267
RHSA-2026:0268 https://access.redhat.com/errata/RHSA-2026:0268
RHSA-2026:0269 https://access.redhat.com/errata/RHSA-2026:0269
RHSA-2026:0270 https://access.redhat.com/errata/RHSA-2026:0270
RHSA-2026:0455 https://access.redhat.com/errata/RHSA-2026:0455
RHSA-2026:0456 https://access.redhat.com/errata/RHSA-2026:0456
RHSA-2026:0491 https://access.redhat.com/errata/RHSA-2026:0491
RHSA-2026:0492 https://access.redhat.com/errata/RHSA-2026:0492
RHSA-2026:0493 https://access.redhat.com/errata/RHSA-2026:0493
RHSA-2026:0519 https://access.redhat.com/errata/RHSA-2026:0519
RHSA-2026:0523 https://access.redhat.com/errata/RHSA-2026:0523
RHSA-2026:0524 https://access.redhat.com/errata/RHSA-2026:0524
RHSA-2026:0525 https://access.redhat.com/errata/RHSA-2026:0525
RHSA-2026:8756 https://access.redhat.com/errata/RHSA-2026:8756
USN-7908-1 https://usn.ubuntu.com/7908-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12817.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): low

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://www.postgresql.org/support/security/CVE-2025-12817/
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): low

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T13:59:49Z/ Found at https://www.postgresql.org/support/security/CVE-2025-12817/
Exploit Prediction Scoring System (EPSS)
Percentile 0.16236
EPSS Score 0.00052
Published At April 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:35:50.753477+00:00 PostgreSQL Importer Import https://www.postgresql.org/support/security/CVE-2025-12817 38.0.0