Vulnerability details: VCID-sfhd-p49q-2udd
Vulnerability ID VCID-sfhd-p49q-2udd
Aliases CVE-2025-1094
Summary postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Status Published
Exploitability 2.0
Weighted Severity 7.3
Risk 10.0
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1094.json
epss 0.82017 https://api.first.org/data/v1/epss?cve=CVE-2025-1094
epss 0.8363 https://api.first.org/data/v1/epss?cve=CVE-2025-1094
epss 0.84024 https://api.first.org/data/v1/epss?cve=CVE-2025-1094
epss 0.84091 https://api.first.org/data/v1/epss?cve=CVE-2025-1094
epss 0.84403 https://api.first.org/data/v1/epss?cve=CVE-2025-1094
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.1 https://www.postgresql.org/support/security/CVE-2025-1094/
cvssv3.1 8.1 https://www.postgresql.org/support/security/CVE-2025-1094/
ssvc Track https://www.postgresql.org/support/security/CVE-2025-1094/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1094.json
https://api.first.org/data/v1/epss?cve=CVE-2025-1094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1094
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2025/02/msg00015.html
https://lists.debian.org/debian-lts-announce/2025/02/msg00024.html
https://security.netapp.com/advisory/ntap-20250221-0010/
https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/
https://www.postgresql.org/support/security/CVE-2025-1094/
http://www.openwall.com/lists/oss-security/2025/02/16/3
http://www.openwall.com/lists/oss-security/2025/02/20/1
2345548 https://bugzilla.redhat.com/show_bug.cgi?id=2345548
CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094
RHSA-2025:1720 https://access.redhat.com/errata/RHSA-2025:1720
RHSA-2025:1721 https://access.redhat.com/errata/RHSA-2025:1721
RHSA-2025:1722 https://access.redhat.com/errata/RHSA-2025:1722
RHSA-2025:1723 https://access.redhat.com/errata/RHSA-2025:1723
RHSA-2025:1724 https://access.redhat.com/errata/RHSA-2025:1724
RHSA-2025:1725 https://access.redhat.com/errata/RHSA-2025:1725
RHSA-2025:1726 https://access.redhat.com/errata/RHSA-2025:1726
RHSA-2025:1727 https://access.redhat.com/errata/RHSA-2025:1727
RHSA-2025:1728 https://access.redhat.com/errata/RHSA-2025:1728
RHSA-2025:1729 https://access.redhat.com/errata/RHSA-2025:1729
RHSA-2025:1730 https://access.redhat.com/errata/RHSA-2025:1730
RHSA-2025:1731 https://access.redhat.com/errata/RHSA-2025:1731
RHSA-2025:1732 https://access.redhat.com/errata/RHSA-2025:1732
RHSA-2025:1733 https://access.redhat.com/errata/RHSA-2025:1733
RHSA-2025:1735 https://access.redhat.com/errata/RHSA-2025:1735
RHSA-2025:1736 https://access.redhat.com/errata/RHSA-2025:1736
RHSA-2025:1737 https://access.redhat.com/errata/RHSA-2025:1737
RHSA-2025:1738 https://access.redhat.com/errata/RHSA-2025:1738
RHSA-2025:1739 https://access.redhat.com/errata/RHSA-2025:1739
RHSA-2025:1740 https://access.redhat.com/errata/RHSA-2025:1740
RHSA-2025:1741 https://access.redhat.com/errata/RHSA-2025:1741
RHSA-2025:1742 https://access.redhat.com/errata/RHSA-2025:1742
RHSA-2025:1743 https://access.redhat.com/errata/RHSA-2025:1743
RHSA-2025:1744 https://access.redhat.com/errata/RHSA-2025:1744
RHSA-2025:1745 https://access.redhat.com/errata/RHSA-2025:1745
RHSA-2025:3050 https://access.redhat.com/errata/RHSA-2025:3050
RHSA-2025:3062 https://access.redhat.com/errata/RHSA-2025:3062
RHSA-2025:3063 https://access.redhat.com/errata/RHSA-2025:3063
RHSA-2025:3064 https://access.redhat.com/errata/RHSA-2025:3064
RHSA-2025:3082 https://access.redhat.com/errata/RHSA-2025:3082
RHSA-2025:3978 https://access.redhat.com/errata/RHSA-2025:3978
USN-7315-1 https://usn.ubuntu.com/7315-1/
USN-7315-2 https://usn.ubuntu.com/7315-2/
Data source Metasploit
Description This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS), with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date Dec. 16, 2024
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1094.json
Attack Vector (AV) network
Attack Complexity (AC) high
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) low
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.postgresql.org/support/security/CVE-2025-1094/
Attack Vector (AV) network
Attack Complexity (AC) high
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:18:35Z/ Found at https://www.postgresql.org/support/security/CVE-2025-1094/

Exploit Prediction Scoring System (EPSS)
Percentile 0.99139
EPSS Score 0.82017
Published At May 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-03-28T05:42:29.462098+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1094.json 36.0.0