CVE-2025-58450
Published 2025-09-08
Priority P261 · critical · 9.3 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS 0.34% (25.9th percentile)
pREST (PostgreSQL REST) is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a patch to mitigate such attempts.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prest | prest | < 2.0.0-rc3 | 2.0.0-rc3 |
OSV
pREST has a Systemic SQL Injection Vulnerability in github.com/prest/prest
osv·2025-09-17
GHSA
pREST has a Systemic SQL Injection Vulnerability
ghsa·2025-09-08
CVE-2025-58450 [CRITICAL] CWE-89
# Summary
pREST provides a simple way for users to expose access to their database via a RESTful API. The project is implemented using the Go programming language and is designed to expose access to Postgres database tables.
During an independent review of the project, Doyensec engineers found that SQL injection is a systemic problem in the current implementation (version `v2.0.0-rc2`). Even though there are several instances of attempts to sanitize user input and mitigate injection attempts, we have found that on most code-paths, the protection is faulty or non-existent.
## Core Endpoints
The main functionality providing REST operations on the data stored in the Postgres database is exposed via the following endpoints:
- `GET /{database}/
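The advisory describes a REST layer that maps URL path segments (database, schema, table) and query-string filters onto SQL, with sanitization that is "faulty or non-existent" on most paths. The following Go program is an added illustration of the defensive pattern such a layer needs; it is not pREST's code and does not reproduce its internals. It assumes a request shape of `GET /{schema}/{table}?column=value` and a strict allow-list regex for identifiers (both assumptions of the example): identifiers are validated and double-quoted so Postgres can only read them as names, and filter values are passed as `$n` parameters rather than spliced into the SQL text. An `UnsafeSelect` function is kept beside it only to show, in the test, how the concatenating pattern lets a value alter the statement.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// identRe is the only identifier shape this example accepts for schema,
// table and column names that arrive from the URL or query string.
// It is an assumption of the example, not a rule taken from pREST.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)

// ErrBadIdentifier is returned for any name that fails the allow-list.
var ErrBadIdentifier = errors.New("identifier rejected")

// quoteIdent validates an identifier and returns it double-quoted.
// The regex already excludes '"', so the ReplaceAll is defense in depth
// in case the allow-list is later relaxed.
func quoteIdent(s string) (string, error) {
	if !identRe.MatchString(s) {
		return "", fmt.Errorf("%w: %q", ErrBadIdentifier, s)
	}
	return `"` + strings.ReplaceAll(s, `"`, `""`) + `"`, nil
}

// Query is SQL text with $n placeholders plus the positional arguments.
type Query struct {
	SQL  string
	Args []any
}

// BuildSelect turns the path parts and ?column=value filters of a request
// into a parameterised statement. Identifiers are allow-listed and quoted;
// filter values never become part of the SQL text.
func BuildSelect(schema, table string, filters map[string]string) (Query, error) {
	qs, err := quoteIdent(schema)
	if err != nil {
		return Query{}, err
	}
	qt, err := quoteIdent(table)
	if err != nil {
		return Query{}, err
	}

	// Sort filter columns so the generated SQL is deterministic.
	cols := make([]string, 0, len(filters))
	for c := range filters {
		cols = append(cols, c)
	}
	sort.Strings(cols)

	var sb strings.Builder
	fmt.Fprintf(&sb, "SELECT * FROM %s.%s", qs, qt)
	args := make([]any, 0, len(cols))
	for i, c := range cols {
		qc, err := quoteIdent(c)
		if err != nil {
			return Query{}, err
		}
		if i == 0 {
			sb.WriteString(" WHERE ")
		} else {
			sb.WriteString(" AND ")
		}
		// $1, $2, ... are bound by the driver; the value is data, not SQL.
		fmt.Fprintf(&sb, "%s = $%d", qc, i+1)
		args = append(args, filters[c])
	}
	return Query{SQL: sb.String(), Args: args}, nil
}

// UnsafeSelect is the anti-pattern the advisory's CWE-89 finding refers to:
// user-controlled strings are concatenated straight into the statement.
// It exists here only so the contrast can be shown; never use it.
func UnsafeSelect(schema, table string, filters map[string]string) string {
	sql := "SELECT * FROM " + schema + "." + table
	first := true
	for c, v := range filters {
		if first {
			sql += " WHERE "
			first = false
		} else {
			sql += " AND "
		}
		sql += c + " = " + v
	}
	return sql
}

func main() {
	// Constructed request: GET /public/users?id=<value>
	f := map[string]string{"id": "1 OR 1=1"}
	q, err := BuildSelect("public", "users", f)
	fmt.Println(q.SQL, q.Args, err)
	fmt.Println(UnsafeSelect("public", "users", f))
	_, err = BuildSelect("public", `users"; DROP TABLE t; --`, nil)
	fmt.Println("malformed table name:", err)
}
```

Two design points worth noting: quoting an identifier makes it case-sensitive in Postgres, so a layer that wants `Users` and `users` to mean the same table must fold case before quoting, and the allow-list regex is deliberately narrower than what Postgres permits (no dotted or non-ASCII names) because a rejected legitimate name is a far cheaper failure than an accepted malicious one. Beyond identifier syntax, a production layer should also check the resolved name against the catalog (information_schema) or a configured table list, so that a well-formed name for a table the caller may not see is still refused.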
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.