CVE-2025-8714 (GCVE-0-2025-8714)
Vulnerability from cvelistv5 – Published: 2025-08-14 13:00 – Updated: 2026-02-26 17:48
Title
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
Summary
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
PostgreSQL
References
1 reference
https://www.postgresql.org/support/security/CVE-2025-8714/
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | PostgreSQL | Affected: 17, < 17.6 (rpm); 16, < 16.10 (rpm); 15, < 15.14 (rpm); 14, < 14.19 (rpm); 0, < 13.22 (rpm) |
Credits
The PostgreSQL project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T03:55:55.435717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:36.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6",
"status": "affected",
"version": "17",
"versionType": "rpm"
},
{
"lessThan": "16.10",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.14",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.19",
"status": "affected",
"version": "14",
"versionType": "rpm"
},
{
"lessThan": "13.22",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "attacker can direct pg_dump et al. to a malicious origin server"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T13:00:07.046Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2025-8714/"
}
],
"title": "PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client",
"workarounds": [
{
"lang": "en",
"value": "use \"pg_restore --dbname\" instead of restore methods that involve \"psql\""
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2025-8714",
"datePublished": "2025-08-14T13:00:07.046Z",
"dateReserved": "2025-08-07T16:39:47.007Z",
"dateUpdated": "2026-02-26T17:48:36.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-8714",
"date": "2026-06-06",
"epss": "0.00048",
"percentile": "0.1535"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-8714\",\"sourceIdentifier\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"published\":\"2025-08-14T13:15:37.717\",\"lastModified\":\"2025-08-15T13:13:07.817\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.\"},{\"lang\":\"es\",\"value\":\"La inclusi\u00f3n de datos no confiables en pg_dump en PostgreSQL permite que un superusuario malicioso del servidor de origen inyecte c\u00f3digo arbitrario para su ejecuci\u00f3n en tiempo de restauraci\u00f3n como la cuenta del sistema operativo cliente que ejecuta psql para restaurar el volcado, mediante metacomandos psql. pg_dumpall tambi\u00e9n se ve afectado. pg_restore se ve afectado cuando se utiliza para generar un volcado en formato plano. Esto es similar a MySQL CVE-2024-21096. Las versiones anteriores a PostgreSQL 17.6, 16.10, 15.14, 14.19 y 13.22 tambi\u00e9n se ven afectadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"}]}],\"references\":[{\"url\":\"https://www.postgresql.org/support/security/CVE-2025-8714/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8714\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-15T03:55:55.435717Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-14T19:54:48.411Z\"}}], \"cna\": {\"title\": \"PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client\", \"credits\": [{\"lang\": \"en\", \"value\": \"The PostgreSQL project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"PostgreSQL\", \"versions\": [{\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17.6\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"16\", \"lessThan\": \"16.10\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"15\", \"lessThan\": \"15.14\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"14\", \"lessThan\": \"14.19\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"13.22\", \"versionType\": \"rpm\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.postgresql.org/support/security/CVE-2025-8714/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"use \\\"pg_restore --dbname\\\" instead of restore methods that involve \\\"psql\\\"\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-829\", \"description\": \"Inclusion of Functionality from Untrusted Control Sphere\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"attacker can direct pg_dump et al. to a malicious origin server\"}], \"providerMetadata\": {\"orgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"shortName\": \"PostgreSQL\", \"dateUpdated\": \"2025-08-14T13:00:07.046Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-8714\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:48:36.907Z\", \"dateReserved\": \"2025-08-07T16:39:47.007Z\", \"assignerOrgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"datePublished\": \"2025-08-14T13:00:07.046Z\", \"assignerShortName\": \"PostgreSQL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2025-1842
Vulnerability from csaf_certbund - Published: 2025-08-14 22:00 - Updated: 2026-02-04 23:00
Summary
PostgreSQL: Multiple vulnerabilities
Severity
High
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: PostgreSQL is a freely available database for various operating systems.
Attack: An attacker can exploit multiple vulnerabilities in PostgreSQL to disclose information and to execute arbitrary code.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Open Source PostgreSQL <18 Beta 3 (Open Source / PostgreSQL) | | <18 Beta 3 | |
| Red Hat Enterprise Linux (Red Hat) | cpe:/o:redhat:enterprise_linux:- | — | |
| Open Source PostgreSQL <13.22 (Open Source / PostgreSQL) | | <13.22 | |
| Splunk SOAR <7.1.0 (Splunk / SOAR) | | <7.1.0 | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| RESF Rocky Linux (RESF) | cpe:/o:resf:rocky_linux:- | — | |
| Dell Avamar (Dell) | cpe:/a:dell:avamar:- | — | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Broadcom Brocade SANnav (Broadcom) | cpe:/a:broadcom:brocade_sannav:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
| Open Source PostgreSQL <15.14 (Open Source / PostgreSQL) | | <15.14 | |
| Dell NetWorker Virtual Edition (Dell / NetWorker) | cpe:/a:dell:networker:virtual_edition | Virtual Edition | |
| Open Source PostgreSQL <14.19 (Open Source / PostgreSQL) | | <14.19 | |
| Open Source PostgreSQL <17.6 (Open Source / PostgreSQL) | | <17.6 | |
| Open Source PostgreSQL <16.10 (Open Source / PostgreSQL) | | <16.10 | |
| Dell Secure Connect Gateway Appliance <5.32.00.18 (Dell / Secure Connect Gateway) | | Appliance <5.32.00.18 | |
References
77 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um Informationen offenzulegen, und um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1842 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1842.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1842 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1842"
},
{
"category": "external",
"summary": "PostgreSQL 17.6, 16.10, 15.14, 14.19, 13.22, and 18 Beta 3 Release vom 2025-08-14",
"url": "https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/"
},
{
"category": "external",
"summary": "PostgreSQL CVE-2025-8713 vom 2025-08-14",
"url": "https://www.postgresql.org/support/security/CVE-2025-8713/"
},
{
"category": "external",
"summary": "PostgreSQL CVE-2025-8714 vom 2025-08-14",
"url": "https://www.postgresql.org/support/security/CVE-2025-8714/"
},
{
"category": "external",
"summary": "PostgreSQL CVE-2025-8715 vom 2025-08-14",
"url": "https://www.postgresql.org/support/security/CVE-2025-8715/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4273 vom 2025-08-14",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00012.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15453-1 vom 2025-08-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IY5Z7VXGGBWG3QGNNBFUJYBUX3TI7JFK/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15454-1 vom 2025-08-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DFQFY67BVXRWCWWUPVB3QNQR7N73AO6J/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15452-1 vom 2025-08-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QXTYUHIRP34TAJEDQHV2L42M3UA7IKEU/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15451-1 vom 2025-08-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O6GUASXT5LZ6ELLKCTA4Z34DT3T4HJK3/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02842-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022196.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02980-1 vom 2025-08-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022272.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02981-1 vom 2025-08-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022271.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02986-1 vom 2025-08-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022278.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02987-1 vom 2025-08-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022277.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03003-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022287.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02994-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022293.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03005-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022284.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03004-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022285.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15493-1 vom 2025-08-27",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAT3HGA2COHZQLF2K7VPOO4PHSRHZAPQ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02995-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022292.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14826 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14826"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14827 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14862 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14862"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14899 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14899"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14878 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14878"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14870 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14870"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14827 vom 2025-08-29",
"url": "https://oss.oracle.com/pipermail/el-errata/2025-August/018480.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14826 vom 2025-08-29",
"url": "https://oss.oracle.com/pipermail/el-errata/2025-August/018481.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14869 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14869"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14827 vom 2025-08-28",
"url": "https://linux.oracle.com/errata/ELSA-2025-14827.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14826 vom 2025-08-28",
"url": "https://linux.oracle.com/errata/ELSA-2025-14826.html"
},
{
"category": "external",
"summary": "PoC auf GitHub vom 2025-08-31",
"url": "https://github.com/orderby99/CVE-2025-8714-POC"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03030-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022340.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03018-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022334.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03020-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022332.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14878 vom 2025-08-29",
"url": "https://linux.oracle.com/errata/ELSA-2025-14878.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03031-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022339.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14899 vom 2025-08-29",
"url": "http://linux.oracle.com/errata/ELSA-2025-14899.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03019-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022333.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15022 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15022"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15014 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15014"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15034 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15034"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15015 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15015"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15057 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15057"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15021 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15021"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15006 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15031 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15031"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15021 vom 2025-09-03",
"url": "https://linux.oracle.com/errata/ELSA-2025-15021.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15022 vom 2025-09-03",
"url": "https://linux.oracle.com/errata/ELSA-2025-15022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15062 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15062"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15114 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15114"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15115 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15115"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15115 vom 2025-09-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-15115.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03018-2 vom 2025-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022385.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15359 vom 2025-09-04",
"url": "https://access.redhat.com/errata/RHSA-2025:15359"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2POSTGRESQL14-2025-019 vom 2025-09-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS2POSTGRESQL14-2025-019.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:15021 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:15021"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:15022 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:15022"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:14899 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:14899"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7741-1 vom 2025-09-08",
"url": "https://ubuntu.com/security/notices/USN-7741-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:14827 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:14827"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:14862 vom 2025-09-08",
"url": "https://errata.build.resf.org/RLSA-2025:14862"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03005-2 vom 2025-09-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022494.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16099 vom 2025-09-17",
"url": "https://access.redhat.com/errata/RHSA-2025:16099"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:14878 vom 2025-10-10",
"url": "https://errata.build.resf.org/RLSA-2025:14878"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03019-2 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022861.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3035 vom 2025-10-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3035.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249276 vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249276"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-404 vom 2025-10-31",
"url": "https://www.dell.com/support/kbdoc/000385435"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/000385230"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-16099 vom 2025-11-20",
"url": "https://linux.oracle.com/errata/ELSA-2025-16099.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28019 vom 2025-12-01",
"url": "https://linux.oracle.com/errata/ELSA-2025-28019.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20251205-0004 vom 2025-12-05",
"url": "https://security.netapp.com/advisory/NTAP-20251205-0004"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20251205-0005 vom 2025-12-05",
"url": "https://security.netapp.com/advisory/NTAP-20251205-0005"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2026-0201 vom 2026-02-04",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0201"
}
],
"source_lang": "en-US",
"title": "PostgreSQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-04T23:00:00.000+00:00",
"generator": {
"date": "2026-02-05T10:00:46.503+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1842",
"initial_release_date": "2025-08-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-08-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-25T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und openSUSE aufgenommen"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "8",
"summary": "PoC aufgenommen"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-09-03T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat, Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und Amazon aufgenommen"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Ubuntu aufgenommen"
},
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-10-13T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-14T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-04T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
}
],
"status": "final",
"version": "25"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade SANnav",
"product": {
"name": "Broadcom Brocade SANnav",
"product_id": "T034392",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Virtual Edition",
"product": {
"name": "Dell NetWorker Virtual Edition",
"product_id": "T048226",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Appliance \u003c5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
"product_id": "T048301"
}
},
{
"category": "product_version",
"name": "Appliance 5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
"product_id": "T048301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.6",
"product": {
"name": "Open Source PostgreSQL \u003c17.6",
"product_id": "T046266"
}
},
{
"category": "product_version",
"name": "17.6",
"product": {
"name": "Open Source PostgreSQL 17.6",
"product_id": "T046266-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:17.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.10",
"product": {
"name": "Open Source PostgreSQL \u003c16.10",
"product_id": "T046267"
}
},
{
"category": "product_version",
"name": "16.10",
"product": {
"name": "Open Source PostgreSQL 16.10",
"product_id": "T046267-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:16.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c15.14",
"product": {
"name": "Open Source PostgreSQL \u003c15.14",
"product_id": "T046268"
}
},
{
"category": "product_version",
"name": "15.14",
"product": {
"name": "Open Source PostgreSQL 15.14",
"product_id": "T046268-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:15.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c14.19",
"product": {
"name": "Open Source PostgreSQL \u003c14.19",
"product_id": "T046269"
}
},
{
"category": "product_version",
"name": "14.19",
"product": {
"name": "Open Source PostgreSQL 14.19",
"product_id": "T046269-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:14.19"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.22",
"product": {
"name": "Open Source PostgreSQL \u003c13.22",
"product_id": "T046270"
}
},
{
"category": "product_version",
"name": "13.22",
"product": {
"name": "Open Source PostgreSQL 13.22",
"product_id": "T046270-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:13.22"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18 Beta 3",
"product": {
"name": "Open Source PostgreSQL \u003c18 Beta 3",
"product_id": "T046271"
}
},
{
"category": "product_version",
"name": "18 Beta 3",
"product": {
"name": "Open Source PostgreSQL 18 Beta 3",
"product_id": "T046271-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:18_beta_3"
}
}
}
],
"category": "product_name",
"name": "PostgreSQL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.0",
"product": {
"name": "Splunk SOAR \u003c7.1.0",
"product_id": "T050521"
}
},
{
"category": "product_version",
"name": "7.1.0",
"product": {
"name": "Splunk SOAR 7.1.0",
"product_id": "T050521-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:soar:7.1.0"
}
}
}
],
"category": "product_name",
"name": "SOAR"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8713",
"product_status": {
"known_affected": [
"T046271",
"67646",
"T046270",
"T050521",
"T004914",
"T032255",
"T039664",
"2951",
"T002207",
"T034392",
"T000126",
"T021415",
"T027843",
"398363",
"T046268",
"T048226",
"T046269",
"T046266",
"T046267",
"T048301"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-8713"
},
{
"cve": "CVE-2025-8714",
"product_status": {
"known_affected": [
"T046271",
"67646",
"T046270",
"T050521",
"T004914",
"T032255",
"T039664",
"2951",
"T002207",
"T034392",
"T000126",
"T021415",
"T027843",
"398363",
"T046268",
"T048226",
"T046269",
"T046266",
"T046267",
"T048301"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-8714"
},
{
"cve": "CVE-2025-8715",
"product_status": {
"known_affected": [
"T046271",
"67646",
"T046270",
"T050521",
"T004914",
"T032255",
"T039664",
"2951",
"T002207",
"T034392",
"T000126",
"T021415",
"T027843",
"398363",
"T046268",
"T048226",
"T046269",
"T046266",
"T046267",
"T048301"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-8715"
}
]
}
WID-SEC-W-2025-2140
Vulnerability from csaf_certbund - Published: 2025-09-25 22:00 - Updated: 2025-10-27 23:00
Summary
GitLab: Multiple vulnerabilities
Severity
Medium
Notes
The BSI, as the provider of its own content made available for use, is responsible under the general laws. Users, however, are responsible for carefully checking, case by case, the use and/or implementation of the information provided with the content.
Product description: GitLab is a web application for version control of software projects based on git.
Attack: An attacker can exploit multiple vulnerabilities in GitLab to carry out a denial-of-service attack, disclose information, escalate privileges, and bypass security measures.
Affected operating systems: - Linux
- Other
- UNIX
Affected products
Known affected
4 products

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Open Source GitLab <18.3.3 (Open Source / GitLab) | | <18.3.3 | |
| Open Source GitLab <18.2.7 (Open Source / GitLab) | | <18.2.7 | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| Open Source GitLab <18.4.1 (Open Source / GitLab) | | <18.4.1 | |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um seine Privilegien zu erh\u00f6hen, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2140 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2140.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2140 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2140"
},
{
"category": "external",
"summary": "GitLab Patch Release vom 2025-09-25",
"url": "https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249276 vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249276"
}
],
"source_lang": "en-US",
"title": "GitLab: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-27T23:00:00.000+00:00",
"generator": {
"date": "2025-10-28T09:28:38.247+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2140",
"initial_release_date": "2025-09-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-28T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-2025-9642, CVE-2025-11042 erg\u00e4nzt"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.4.1",
"product": {
"name": "Open Source GitLab \u003c18.4.1",
"product_id": "T047204"
}
},
{
"category": "product_version",
"name": "18.4.1",
"product": {
"name": "Open Source GitLab 18.4.1",
"product_id": "T047204-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.3.3",
"product": {
"name": "Open Source GitLab \u003c18.3.3",
"product_id": "T047205"
}
},
{
"category": "product_version",
"name": "18.3.3",
"product": {
"name": "Open Source GitLab 18.3.3",
"product_id": "T047205-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.3.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.2.7",
"product": {
"name": "Open Source GitLab \u003c18.2.7",
"product_id": "T047206"
}
},
{
"category": "product_version",
"name": "18.2.7",
"product": {
"name": "Open Source GitLab 18.2.7",
"product_id": "T047206-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.2.7"
}
}
}
],
"category": "product_name",
"name": "GitLab"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10858",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-10858"
},
{
"cve": "CVE-2025-10867",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-10867"
},
{
"cve": "CVE-2025-10868",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-10868"
},
{
"cve": "CVE-2025-10871",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-10871"
},
{
"cve": "CVE-2025-11042",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-11042"
},
{
"cve": "CVE-2025-5069",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-5069"
},
{
"cve": "CVE-2025-7691",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-7691"
},
{
"cve": "CVE-2025-8014",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-8014"
},
{
"cve": "CVE-2025-8713",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-8713"
},
{
"cve": "CVE-2025-8714",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-8714"
},
{
"cve": "CVE-2025-8715",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-8715"
},
{
"cve": "CVE-2025-9642",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-9642"
},
{
"cve": "CVE-2025-9958",
"product_status": {
"known_affected": [
"T047205",
"T047206",
"T021415",
"T047204"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-9958"
}
]
}
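Both CSAF documents on this page (the PostgreSQL advisory and this GitLab one) share the BSI layout: `vulnerabilities[].product_status.known_affected` carries only opaque `product_id` values, and the `product_tree` is what maps an id such as `T046266` back to "Open Source PostgreSQL <17.6", while the fixed release lives in a twin entry `T046266-fixed` whose branch name is the version. OS-level entries such as `67646` (Red Hat Enterprise Linux) carry no version range at all. The script below is an added example, not code from BSI, the vulnerability-lookup site or the PostgreSQL project; it embeds a constructed, trimmed-down copy of the PostgreSQL product tree (same product ids, only the 17 and 16 lines and one OS vendor kept) and resolves ids to names, reads the fixed version from the `-fixed` twin, and tests an installed PostgreSQL version against the ranges. The function names are my own.

```python
"""Resolve a BSI CSAF 2.0 product tree against a vulnerability's known_affected list."""
import re

# Constructed, trimmed-down CSAF fragment (assumption: same layout as the BSI
# WID-SEC documents on this page, same product_ids, most vendor branches omitted).
CSAF_DOC = {
    "product_tree": {"branches": [
        {"category": "vendor", "name": "Open Source", "branches": [
            {"category": "product_name", "name": "PostgreSQL", "branches": [
                {"category": "product_version_range", "name": "<17.6",
                 "product": {"name": "Open Source PostgreSQL <17.6", "product_id": "T046266"}},
                {"category": "product_version", "name": "17.6",
                 "product": {"name": "Open Source PostgreSQL 17.6", "product_id": "T046266-fixed",
                             "product_identification_helper": {"cpe": "cpe:/a:postgresql:postgresql:17.6"}}},
                {"category": "product_version_range", "name": "<16.10",
                 "product": {"name": "Open Source PostgreSQL <16.10", "product_id": "T046267"}},
                {"category": "product_version", "name": "16.10",
                 "product": {"name": "Open Source PostgreSQL 16.10", "product_id": "T046267-fixed",
                             "product_identification_helper": {"cpe": "cpe:/a:postgresql:postgresql:16.10"}}},
            ]},
        ]},
        {"category": "vendor", "name": "Red Hat", "branches": [
            {"category": "product_name", "name": "Red Hat Enterprise Linux",
             "product": {"name": "Red Hat Enterprise Linux", "product_id": "67646",
                         "product_identification_helper": {"cpe": "cpe:/o:redhat:enterprise_linux:-"}}},
        ]},
    ]},
    "vulnerabilities": [
        {"cve": "CVE-2025-8714",
         "product_status": {"known_affected": ["T046266", "T046267", "67646"]}},
    ],
}


def walk_products(branches, path=()):
    """Yield (product_id, product, branch-name path) for every product leaf in the tree."""
    for branch in branches:
        here = path + (branch.get("name", ""),)
        if "product" in branch:
            yield branch["product"]["product_id"], branch["product"], here
        yield from walk_products(branch.get("branches", []), here)


def build_index(doc):
    """Map product_id -> (product, path); known_affected only carries the ids."""
    return {pid: (prod, path) for pid, prod, path in walk_products(doc["product_tree"]["branches"])}


def affected_products(doc, cve):
    """Resolved names of everything listed as known_affected for `cve` (empty if CVE absent)."""
    index = build_index(doc)
    for vuln in doc["vulnerabilities"]:
        if vuln.get("cve") == cve:
            ids = vuln.get("product_status", {}).get("known_affected", [])
            return [index[pid][0]["name"] for pid in ids if pid in index]
    return []


def fixed_version_for(doc, affected_id):
    """BSI pairs a range entry 'Txxxxx' with a twin 'Txxxxx-fixed' whose branch name is the
    fixed release. OS-level entries such as '67646' have no twin and return None: for those
    the distribution's own advisory, not this document, gives the patched package version."""
    entry = build_index(doc).get(affected_id + "-fixed")
    return entry[1][-1] if entry else None


def _vt(version):
    """'16.10' -> (16, 10) so that comparisons are numeric, not lexicographic."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def is_affected(doc, cve, installed):
    """Test an installed PostgreSQL version string (e.g. '16.9') against the '<x.y' ranges.
    Each major line is its own range in BSI trees, so only same-major ranges are compared."""
    index = build_index(doc)
    for vuln in doc["vulnerabilities"]:
        if vuln.get("cve") != cve:
            continue
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            prod, path = index.get(pid, (None, ()))
            if prod is None or "PostgreSQL" not in path:
                continue  # unresolved id or OS-level entry: no version range to compare
            m = re.fullmatch(r"<(\d+(?:\.\d+)*)", path[-1])
            if not m:
                continue
            upper, inst = _vt(m.group(1)), _vt(installed)
            if inst[0] == upper[0] and inst < upper:
                return True
    return False


if __name__ == "__main__":
    print(affected_products(CSAF_DOC, "CVE-2025-8714"))
    print(fixed_version_for(CSAF_DOC, "T046266"), fixed_version_for(CSAF_DOC, "67646"))
    print(is_affected(CSAF_DOC, "CVE-2025-8714", "16.9"), is_affected(CSAF_DOC, "CVE-2025-8714", "16.10"))
```

To run it against the real document, replace `CSAF_DOC` with `json.load()` of the file fetched from the `self` reference URL in the advisory; the real files escape `<` as `\u003c`, which `json.load` decodes before the regex sees it. The constructed tree carries only the 17 and 16 lines, so an installed 15.x or 14.x reports "not affected" here purely because those ranges were trimmed; the full BSI tree lists each major line separately.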