dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Avatar
info@thehackernews.com (The Hacker News)
February 14, 2025
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. “An
Total
0
Shares
0
0
0
[[{“value”:”

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.

The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.

“An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool’s ability to run meta-commands,” security researcher Stephen Fewer said.

The cybersecurity company further noted that it made the discovery as part of its investigation into CVE-2024-12356, a recently patched security flaw in BeyondTrust software that allows for unauthenticated remote code execution.

Specifically, it found that “a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution.”

In a coordinated disclosure, the maintainers of PostgreSQL released an update to address the problem in the following versions –

PostgreSQL 17 (Fixed in 17.3)
PostgreSQL 16 (Fixed in 16.7)
PostgreSQL 15 (Fixed in 15.11)
PostgreSQL 14 (Fixed in 14.16)
PostgreSQL 13 (Fixed in 13.19)

The vulnerability stems from how PostgreSQL handles invalid UTF-8 characters, thus opening the door to a scenario where an attacker could exploit an SQL injection by making use of a shortcut command “!”, which enables shell command execution.

“An attacker can leverage CVE-2025-1094 to perform this meta-command, thus controlling the operating system shell command that is executed,” Fewer said. “Alternatively, an attacker who can generate a SQL injection via CVE-2025-1094 can execute arbitrary attacker-controlled SQL statements.”

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting SimpleHelp remote support software (CVE-2024-57727, CVSS score: 7.5) to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by March 6, 2025.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Dutch police say they took down 127 servers used by sanctioned hosting service

February 13, 2025
Next Post

Microsoft: Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts

February 14, 2025
Related Posts
3 min

Don’t Overlook These 6 Critical Okta Security Configurations

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for
Avatar
info@thehackernews.com (The Hacker News)
February 10, 2025
Read More
2 min

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with
Avatar
info@thehackernews.com (The Hacker News)
March 11, 2025
Read More