INFSA-2025:14899: postgresql:16 security update
Information about definition
Identifier: INFSA-2025:14899
Type: security
Release date: 2025-09-04 22:12:39 UTC
Information about package
PostgreSQL is an advanced object-relational database management system (DBMS).
Vulnerabilities description
- CVE-2025-8714
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to untrusted data inclusion.
- CVE-2025-8715
A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pg_dump, pg_dumpall, pg_restore, and pg_upgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are restored by psql due to an improper neutralization of newlines.
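Both flaws end with psql running injected content during a restore, so a plain-text dump from a server you do not fully trust can be screened before it is fed to psql. The following is an added example, not code from this advisory or from the PostgreSQL project: it reports lines outside COPY data blocks that begin with a backslash, which is how psql meta-commands start. The function name, the allowlist and the sample dump are assumptions made for illustration.

```python
import re

# Assumption: an untampered plain-text dump contains only these meta-commands:
# \connect (pg_dumpall, pg_dump -C) and the \restrict/\unrestrict pair that
# fixed releases write. Any other one is reported for manual review.
ALLOWED = {"connect", "restrict", "unrestrict"}
COPY_START = re.compile(r"^COPY\s.*\sFROM\s+stdin;\s*$", re.IGNORECASE)
META = re.compile(r"^\s*\\([^\s\\]*)")

def find_meta_commands(dump_text):
    """Return (line_number, line) for each unexpected meta-command line."""
    findings = []
    in_copy_data = False
    # Treat \r as a line break too, so more line starts get checked.
    lines = re.split(r"\r\n|\n|\r", dump_text)
    for number, line in enumerate(lines, start=1):
        if in_copy_data:
            # Rows may start with a backslash (\N is NULL); a line holding
            # only "\." ends the data block.
            if line == "\\.":
                in_copy_data = False
            continue
        if COPY_START.match(line):
            in_copy_data = True
            continue
        match = META.match(line)
        if match and match.group(1) not in ALLOWED:
            findings.append((number, line))
    return findings

# Constructed sample, not real pg_dump output. Line 9 stands in for content
# that followed a newline embedded in an object name.
SAMPLE_DUMP = "\n".join([
    "\\restrict ExampleToken123",
    "-- Name: t1; Type: TABLE; Schema: public; Owner: app",
    "CREATE TABLE public.t1 (id integer, note text);",
    "COPY public.t1 (id, note) FROM stdin;",
    "1\t\\N",
    "\\N\tfirst column is null",
    "\\.",
    "-- Name: t2",
    "\\echo constructed-line-outside-copy-data",
    "\\unrestrict ExampleToken123",
])

if __name__ == "__main__":
    for number, line in find_meta_commands(SAMPLE_DUMP):
        print(f"line {number}: unexpected meta-command: {line!r}")
```

The check looks at line starts only and can flag backslash-leading lines inside multi-line string literals, so its output is a list for manual review, not a verdict on the dump.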
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-8714 | no information | 8.8 | no information |
NIST — CVE-2025-8715 | no information | 8.8 | no information |
Updated packages