CVE-2025-8714

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-8714

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8714.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-8714

Aliases

BIT-postgresql-2025-8714

Downstream

ALPINE-CVE-2025-8714

BELL-CVE-2025-8714

DEBIAN-CVE-2025-8714

DLA-4273-1

ECHO-fd55-a447-698b

MINI-6c5p-vjm9-63x4

MINI-8fqq-p2ww-653v

MINI-r2q8-j8hm-23jp

OESA-2025-2104

OESA-2025-2137

OESA-2025-2138

OESA-2025-2139

OESA-2025-2140

OESA-2025-2141

OESA-2025-2142

OESA-2025-2143

OESA-2025-2144

OESA-2025-2239

OESA-2025-2240

RHSA-2025:14826

RHSA-2025:14827

RHSA-2025:14862

RHSA-2025:14869

RHSA-2025:14870

RHSA-2025:14878

RHSA-2025:14899

RHSA-2025:15006

RHSA-2025:15012

RHSA-2025:15013

RHSA-2025:15014

RHSA-2025:15015

RHSA-2025:15021

RHSA-2025:15022

RHSA-2025:15031

RHSA-2025:15034

RHSA-2025:15057

RHSA-2025:15062

RHSA-2025:15114

RHSA-2025:15115

RHSA-2025:15359

RHSA-2025:15361

RHSA-2025:16099

RLSA-2025:14826

RLSA-2025:14827

RLSA-2025:14862

RLSA-2025:14878

RLSA-2025:14899

RLSA-2025:15021

RLSA-2025:15022

RLSA-2025:15115

SUSE-SU-2025:03005-1

SUSE-SU-2025:03005-2

SUSE-SU-2025:03018-1

SUSE-SU-2025:03019-1

SUSE-SU-2025:03019-2

SUSE-SU-2025:03020-1

UBUNTU-CVE-2025-8714

USN-7741-1

Related

Published

2025-08-14T13:15:37Z

Modified

2025-09-06T13:01:25Z

Summary

[none]

Details

Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

References

https://www.postgresql.org/support/security/CVE-2025-8714/

Affected packages