CVE-2025-1094
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2025-1094 is a vulnerability affecting multiple PostgreSQL library functions and command-line utility programs. The issue lies in the improper neutralization of quoting syntax, allowing a database input provider to perform SQL injection when the application constructs PostgreSQL command inputs using the function results. Similarly, a source of command line arguments can exploit this vulnerability in PostgreSQL versions before 17.3, 16.7, 15.11, 14.16, and 13.19, when client_encoding is BIG5 and server_encoding is EUC_TW or MULE_INTERNAL. This vulnerability can lead to unauthorized database access and potentially severe data breaches.
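A triage check built from the version and encoding conditions in the summary above. It is an added example, not code from the advisory or the PostgreSQL project. The function names, host names and version banners are constructed for illustration, and branches the summary does not list are reported as "not-listed" rather than guessed.

```python
import re

# Fixed minor release per major branch, as listed in the summary above.
FIXED_MINOR = {17: 3, 16: 7, 15: 11, 14: 16, 13: 19}
# Matches "PostgreSQL 16.6 ..." (SELECT version()) and "psql (PostgreSQL) 17.2".
VERSION_RE = re.compile(r"PostgreSQL\)?\s+(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor) from a version banner, or None if none is found."""
    m = VERSION_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def release_status(banner):
    """Classify a banner: 'vulnerable', 'patched', 'not-listed' or 'unparsed'."""
    version = parse_version(banner)
    if version is None:
        return "unparsed"
    major, minor = version
    if major not in FIXED_MINOR:
        # The summary names no fixed release for this branch; flag for review.
        return "not-listed"
    return "vulnerable" if minor < FIXED_MINOR[major] else "patched"

def cli_argument_condition(banner, client_encoding, server_encoding):
    """True when the command-line-argument condition in the summary is met."""
    return (release_status(banner) == "vulnerable"
            and client_encoding.upper() == "BIG5"
            and server_encoding.upper() in {"EUC_TW", "MULE_INTERNAL"})

# Constructed inventory rows: (host, banner, client_encoding, server_encoding).
SAMPLE_INVENTORY = [
    ("db-a", "PostgreSQL 16.6 (Debian 16.6-1.pgdg120+1) on x86_64-pc-linux-gnu", "UTF8", "UTF8"),
    ("db-b", "psql (PostgreSQL) 17.3", "UTF8", "UTF8"),
    ("db-c", "PostgreSQL 14.15 on x86_64-pc-linux-gnu", "BIG5", "EUC_TW"),
    ("db-d", "PostgreSQL 12.22 on x86_64-pc-linux-gnu", "UTF8", "UTF8"),
]

def triage(inventory):
    """Map each host to (release status, command-line condition met)."""
    return {host: (release_status(b), cli_argument_condition(b, ce, se))
            for host, b, ce, se in inventory}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(host, *result)
```

Hosts reported as "vulnerable" need the fixed minor release for their branch; "not-listed" and "unparsed" hosts need manual review.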
Affected Products
- PostgreSQL