CVE-2025-8715
high
CVSS v3
β
CVSS v4 NEW
β
VIR risk
8.0
Description
RHSA-2025:15115: postgresql:12 security update (Important)
Predictions
Exploit likelihood
20%
Patch ETA
β
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata β Red Hat Inc. Β· View original β Β· Open-Errata-API
Description postgresql: PostgreSQL executes arbitrary code in restore operation Red Hat statement To exploit this flaw, a malicious PostgreSQL user needs to inject arbitrary code or the SQL injection payload in a database object name. The malicious code will only be executed on the client machine when a user restore the crafted dump file. Due to these reasons, this vulnerability has been ratedβ¦
Description
postgresql: PostgreSQL executes arbitrary code in restore operation
Red Hat statement
To exploit this flaw, a malicious PostgreSQL user needs to inject arbitrary code or the SQL injection payload in a database object name. The malicious code will only be executed on the client machine when a user restore the crafted dump file. Due to these reasons, this vulnerability has been rated with an Important severity.
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | postgresql16-0:16.10-1.el10_0 | RHSA-2025:14826 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 8 | postgresql:16-8100020250818110346.489197e6 | RHSA-2025:14899 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 8 | postgresql:13-8100020250818110147.489197e6 | RHSA-2025:15021 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8 | postgresql:15-8100020250818110305.489197e6 | RHSA-2025:15022 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8 | postgresql:12-8100020250829093521.489197e6 | RHSA-2025:15115 | 2025-09-03T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | postgresql:12-8020020250826135918.4cda2c84 | RHSA-2025:15361 | 2025-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql:12-8040020250820054803.522a0ee4 | RHSA-2025:15034 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql:13-8040020250818170654.522a0ee4 | RHSA-2025:15057 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | postgresql:12-8060020250820072728.ad008a3a | RHSA-2025:15006 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | postgresql:13-8060020250825094024.ad008a3a | RHSA-2025:15359 | 2025-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | postgresql:12-8060020250820072728.ad008a3a | RHSA-2025:15006 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | postgresql:13-8060020250825094024.ad008a3a | RHSA-2025:15359 | 2025-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | postgresql:12-8060020250820072728.ad008a3a | RHSA-2025:15006 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | postgresql:13-8060020250825094024.ad008a3a | RHSA-2025:15359 | 2025-09-04T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | postgresql:12-8080020250819150429.63b34585 | RHSA-2025:15012 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | postgresql:13-8080020250819150623.63b34585 | RHSA-2025:15013 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | postgresql:15-8080020250815150643.63b34585 | RHSA-2025:15031 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | postgresql:12-8080020250819150429.63b34585 | RHSA-2025:15012 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | postgresql:13-8080020250819150623.63b34585 | RHSA-2025:15013 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | postgresql:15-8080020250815150643.63b34585 | RHSA-2025:15031 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 9 | postgresql:16-9060020250817200213.rhel9 | RHSA-2025:14827 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 9 | postgresql:15-9060020250817180313.rhel9 | RHSA-2025:14862 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 9 | postgresql-0:13.22-1.el9_6 | RHSA-2025:14878 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | postgresql-0:13.22-1.el9_0 | RHSA-2025:14870 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | postgresql-0:13.22-1.el9_2 | RHSA-2025:14869 | 2025-08-28T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | postgresql:15-9020020250815141744.rhel9 | RHSA-2025:15062 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | postgresql:15-9040020250818140154.rhel9 | RHSA-2025:15014 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | postgresql:16-9040020250818135852.rhel9 | RHSA-2025:15015 | 2025-09-02T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | postgresql-0:13.22-1.el9_4 | RHSA-2025:15114 | 2025-09-03T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope |
| Red Hat Enterprise Linux 7 | postgresql | Not affected |
Apply commands
Apply RHSA-2025:14826 for Red Hat Enterprise Linux 10
yum update -y postgresql16
# or:
dnf upgrade -y postgresql16Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 7 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 15.14-0+deb12u1 |
| debian | trixie | fixed | 17.6-0+deb13u1 |
| debian | bullseye | fixed | 13.22-0+deb11u1 |
| almalinux | 9 | fixed | pgaudit-16.0-1.module_el9.4.0+66+eb9878bc.aarch64.rpm |
| rhel | 8 | fixed | |
References
- https://access.redhat.com/errata/RHSA-2025:14827
- https://access.redhat.com/errata/RHSA-2025:14862
- https://access.redhat.com/errata/RHSA-2025:14878
- https://errata.rockylinux.org/RLSA-2025:15022
- https://errata.rockylinux.org/RLSA-2025:14899
- https://errata.rockylinux.org/RLSA-2025:15115
- https://errata.rockylinux.org/RLSA-2025:15021
- https://www.suse.com/security/cve/CVE-2025-8715.html
- https://errata.rockylinux.org/RLSA-2025:14878
- https://errata.rockylinux.org/RLSA-2025:14827
- https://errata.rockylinux.org/RLSA-2025:14862
- https://security-tracker.debian.org/tracker/CVE-2025-8715
- https://access.redhat.com/errata/RHSA-2025:14899
- https://bugzilla.redhat.com/2388551
- https://bugzilla.redhat.com/2388553
- https://errata.almalinux.org/8/ALSA-2025-14899.html
- https://access.redhat.com/errata/RHSA-2025:15115
- https://errata.almalinux.org/8/ALSA-2025-15115.html
- https://errata.almalinux.org/9/ALSA-2025-14827.html
- https://errata.almalinux.org/9/ALSA-2025-14862.html
- https://errata.almalinux.org/9/ALSA-2025-14878.html
- https://access.redhat.com/errata/RHSA-2025:15021
- https://errata.almalinux.org/8/ALSA-2025-15021.html
- https://access.redhat.com/errata/RHSA-2025:15022
- https://errata.almalinux.org/8/ALSA-2025-15022.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.