VULNERABILITY

Oracle Linux: CVE-2025-1094: ELSA-2025-1736: postgresql:13 security update (IMPORTANT) (Multiple Advisories)

Try Surface Command Get a continuous 360° view of your attack surface

Back to Search

Oracle Linux: CVE-2025-1094: ELSA-2025-1736: postgresql:13 security update (IMPORTANT) (Multiple Advisories)

Severity

CVSS

(AV:N/AC:H/Au:N/C:C/I:C/A:C)

Published

02/13/2025

Created

03/10/2025

Added

02/25/2025

Modified

03/24/2025

Description

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.

Solution(s)

oracle-linux-upgrade-libpq
oracle-linux-upgrade-libpq-devel
oracle-linux-upgrade-pgaudit
oracle-linux-upgrade-pg-repack
oracle-linux-upgrade-pgvector
oracle-linux-upgrade-postgres-decoderbufs
oracle-linux-upgrade-postgresql
oracle-linux-upgrade-postgresql-contrib
oracle-linux-upgrade-postgresql-docs
oracle-linux-upgrade-postgresql-plperl
oracle-linux-upgrade-postgresql-plpython3
oracle-linux-upgrade-postgresql-pltcl
oracle-linux-upgrade-postgresql-private-devel
oracle-linux-upgrade-postgresql-private-libs
oracle-linux-upgrade-postgresql-server
oracle-linux-upgrade-postgresql-server-devel
oracle-linux-upgrade-postgresql-static
oracle-linux-upgrade-postgresql-test
oracle-linux-upgrade-postgresql-test-rpm-macros
oracle-linux-upgrade-postgresql-upgrade
oracle-linux-upgrade-postgresql-upgrade-devel

References

https://attackerkb.com/topics/cve-2025-1094
CVE - 2025-1094
ELSA-2025-1736
ELSA-2025-1737
ELSA-2025-1738
ELSA-2025-1739
ELSA-2025-1740
ELSA-2025-1741
ELSA-2025-1742
ELSA-2025-1743
ELSA-2025-3082

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

VULNERABILITY

Oracle Linux: CVE-2025-1094: ELSA-2025-1736: postgresql:13 security update (IMPORTANT) (Multiple Advisories)

Oracle Linux: CVE-2025-1094: ELSA-2025-1736: postgresql:13 security update (IMPORTANT) (Multiple Advisories)

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.