CVE-2025-8715CRLF Injection in Postgresql-13

CWE-93CRLF Injection8 documents7 sources
Severity
8.8HIGHNVD
OSV6.8OSV3.1
EPSS
0.1%
top 83.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian Postgresql-13Debian Postgresql-15Debian Postgresql-17+2 more
Timeline
PublishedAug 14
Latest updateSep 8

Description

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

debiandebian/postgresql-13< postgresql-13 13.22-0+deb11u1 (bullseye)
debiandebian/postgresql-15< postgresql-13 13.22-0+deb11u1 (bullseye)
debiandebian/postgresql-17< postgresql-13 13.22-0+deb11u1 (bullseye)

🔴Vulnerability Details

3
OSV
postgresql-14, postgresql-16, postgresql-17 vulnerabilities2025-09-08
OSV
CVE-2025-8715: Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as2025-08-14
GHSA
GHSA-xh8r-9824-53cf: Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as2025-08-14

📋Vendor Advisories

4
Ubuntu
PostgreSQL vulnerabilities2025-09-08
Red Hat
postgresql: PostgreSQL executes arbitrary code in restore operation2025-08-14
Microsoft
PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server2025-08-12
Debian
CVE-2025-8715: postgresql-13 - Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of th...2025