Description

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

INFO

Published Date :

2025-01-07T19:18:02.865Z

Last Modified :

2025-11-03T17:31:33.459Z

Source :

PostgreSQL
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0218 vulnerability.

Vendors Products
Pgadmin
  • Pgagent
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0218.

URL Resource
https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact