Description

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

INFO

Published Date :

2025-11-13T13:00:12.160Z

Last Modified :

2025-11-13T13:59:54.599Z

Source :

PostgreSQL
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12817 vulnerability.

Vendors Products
Postgresql
  • Postgresql
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12817.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-12817 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-12817 cve-icon
https://www.postgresql.org/support/security/CVE-2025-12817/ cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact