Reference: Advisory #2025-35
Version: 1.0
Affected software:
PostgreSQL < v17.3
PostgreSQL < v16.7
PostgreSQL < v15.11
PostgreSQL < v14.16
PostgreSQL < v13.19
Type: Improper Neutralization of Quoting Syntax (CWE-149)
CVE/CVSS: CVE-2025-1094
CVSS 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
PostgreSQL fixed CVE-2025-1094, an SQL injection vulnerability, in all its actively supported versions. Successful exploitation could allow an unauthenticated remote attacker to execute commands on the targeted PostgreSQL server's operating system and to execute SQL statements against the databases hosted on that server. This could expose all data on the server and in the PostgreSQL databases.
Since attackers could also execute commands on the operating system itself by exploiting CVE-2025-1094, they could use the PostgreSQL server as a foothold to reach the internal network or deploy a webshell on it.
CVE-2025-1094 has a high impact on all three components of the CIA triad (confidentiality, integrity and availability) and is already being exploited in the wild.
CVE-2025-1094: CVSS 8.3
CVE-2025-1094 is possible due to improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(), which allows a database input provider to achieve SQL injection in certain usage patterns. SQL injection requires the application to use the function result to construct input to psql (the PostgreSQL interactive terminal).
Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL.
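Because the weakness sits in the quoting routines themselves, the patch is the fix; applications that still build psql input from escaped strings can add defence in depth by refusing input that is not valid in the declared client encoding before quoting it, and by checking the quoted result afterwards. The following Python example is added here and is not PostgreSQL or libpq code; the pre-validation and the post-check are a general hardening pattern, not the upstream fix.

```python
"""Defence-in-depth around SQL literal quoting (added example, not PostgreSQL or
libpq code): validate the client encoding first, then re-check the quoted result."""
import codecs


class UnsafeInput(ValueError):
    """Raised when input must not reach the quoting routine or psql."""


def validate_encoding(raw: bytes, client_encoding: str) -> str:
    """Strictly decode raw bytes in the client encoding. An escaper that steps
    over input one multibyte character at a time can treat a quote byte as the
    tail of a broken character and leave it undoubled; reject that up front."""
    try:
        return codecs.decode(raw, client_encoding, errors="strict")
    except UnicodeDecodeError as exc:
        raise UnsafeInput(f"input is not valid {client_encoding}: {exc}") from exc


def quote_literal(text: str) -> str:
    """Quote a string as an SQL literal by doubling embedded single quotes."""
    return "'" + text.replace("'", "''") + "'"


def literal_is_well_formed(quoted: bytes) -> bool:
    """Post-check on a quoted literal as bytes (e.g. the output of an external
    escaper): outer quotes present, every inner quote part of a doubled pair.
    Sound for UTF-8, BIG5 and EUC encodings, whose trail bytes are never 0x27."""
    if len(quoted) < 2 or quoted[:1] != b"'" or quoted[-1:] != b"'":
        return False
    body = quoted[1:-1]
    i = 0
    while i < len(body):
        if body[i:i + 1] == b"'":
            if body[i + 1:i + 2] != b"'":
                return False  # lone quote: would terminate the literal early
            i += 2
        else:
            i += 1
    return True


def safe_literal(raw: bytes, client_encoding: str = "utf-8") -> bytes:
    """Validate, quote and re-check before the literal is handed to psql."""
    text = validate_encoding(raw, client_encoding)
    quoted = quote_literal(text).encode(client_encoding)
    if not literal_is_well_formed(quoted):
        raise UnsafeInput("quoted literal violates the quoting grammar")
    return quoted
```

The constructed inputs in the checks below (a valid UTF-8 string with an embedded quote, a lone lead byte followed by a quote, and a BIG5 sequence) are test data, not captured traffic.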
Patch
The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable systems with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.