{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8714", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2025-08-07T16:39:47.007Z", "datePublished": "2025-08-14T13:00:07.046Z", "dateUpdated": "2025-08-15T03:55:54.637Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2025-08-14T13:00:07.046Z"}, "title": "PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client", "descriptions": [{"lang": "en", "value": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected."}], "affected": [{"defaultStatus": "unaffected", "product": "PostgreSQL", "vendor": "n/a", "versions": [{"lessThan": "17.6", "status": "affected", "version": "17", "versionType": "rpm"}, {"lessThan": "16.10", "status": "affected", "version": "16", "versionType": "rpm"}, {"lessThan": "15.14", "status": "affected", "version": "15", "versionType": "rpm"}, {"lessThan": "14.19", "status": "affected", "version": "14", "versionType": "rpm"}, {"lessThan": "13.22", "status": "affected", "version": "0", "versionType": "rpm"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-829", "type": "CWE", "description": "Inclusion of Functionality from Untrusted Control Sphere"}]}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2025-8714/"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "configurations": [{"lang": "en", "value": "attacker can direct pg_dump et al. to a malicious origin server"}], "workarounds": [{"lang": "en", "value": "use \"pg_restore --dbname\" instead of restore methods that involve \"psql\""}], "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-8714"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T03:55:54.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-14T19:54:25.864390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T19:54:48.411Z"}}], "cna": {"title": "PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client", "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "n/a", "product": "PostgreSQL", "versions": [{"status": "affected", "version": "17", "lessThan": "17.6", "versionType": "rpm"}, {"status": "affected", "version": "16", "lessThan": "16.10", "versionType": "rpm"}, {"status": "affected", "version": "15", "lessThan": "15.14", "versionType": "rpm"}, {"status": "affected", "version": "14", "lessThan": "14.19", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "13.22", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2025-8714/"}], "workarounds": [{"lang": "en", "value": "use \"pg_restore --dbname\" instead of restore methods that involve \"psql\""}], "descriptions": [{"lang": "en", "value": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "Inclusion of Functionality from Untrusted Control Sphere"}]}], "configurations": [{"lang": "en", "value": "attacker can direct pg_dump et al. to a malicious origin server"}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2025-08-14T13:00:07.046Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8714", "state": "PUBLISHED", "dateUpdated": "2025-08-15T03:55:54.637Z", "dateReserved": "2025-08-07T16:39:47.007Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2025-08-14T13:00:07.046Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected."}], "id": "CVE-2025-8714", "lastModified": "2025-08-15T13:13:07.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}, "published": "2025-08-14T13:15:37.717", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://www.postgresql.org/support/security/CVE-2025-8714/"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}

{"bugzilla": {"description": "postgresql: PostgreSQL code execution in restore operation", "id": "2388553", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388553"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-829", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-8714", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "postgresql16", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:12/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:13/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:15/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "postgresql:15/postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-14T13:00:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8714\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8714\nhttps://www.postgresql.org/support/security/CVE-2025-8714/"], "threat_severity": "Important"}