Summary: Recent findings from Rapid7 indicate that the threat actors who exploited a zero-day vulnerability in BeyondTrust software also took advantage of a SQL injection vulnerability in PostgreSQL, tracked as CVE-2025-1094. The vulnerability allows arbitrary code execution through the interactive tool psql because of improper handling of invalid UTF-8 characters. PostgreSQL maintainers have released updates that address the issue across various versions of the software, and applying them is critical.
Affected: PostgreSQL, BeyondTrust Privileged Remote Access and Remote Support products
Keypoints:
- Vulnerability CVE-2025-1094 (CVSS score: 8.1) allows for arbitrary code execution via SQL injection.
- Achieving remote code execution through CVE-2024-12356 requires exploiting CVE-2025-1094.
- Updates for PostgreSQL have been released for versions 13 through 17 to address the vulnerability.
- The issue arises from how PostgreSQL processes invalid UTF-8 characters, enabling attackers to execute shell commands.
Source: https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html