8.8
CVE-2025-8715 - PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore tar…
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks…
8.8
CVE-2025-8714 - PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affec…
3.1
CVE-2025-8713 - PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this…
0.0
CVE-2025-55726 -
Not used
0.0
CVE-2025-55723 -
Not used
0.0
CVE-2025-55721 -
Not used
0.0
CVE-2025-55725 -
Not used
0.0
CVE-2025-55724 -
Not used
0.0
CVE-2025-55722 -
Not used
0.0
CVE-2025-55720 -
Not used