A high-severity SQL injection vulnerability in PostgreSQL, identified as CVE-2025-1094, has been actively exploited, including in a recent breach of the US Treasury. The flaw, which carries a CVSS score of 8.1, arises from improper neutralization of quoting syntax in several PostgreSQL libpq functions. This vulnerability allows attackers to execute arbitrary code under certain conditions, posing significant risks to affected systems.
The vulnerability specifically affects the functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(). These functions are crucial for escaping strings in SQL queries, and improper handling can lead to SQL injection if applications do not correctly sanitize inputs. The exploitation of this flaw can enable attackers to manipulate database queries, potentially leading to unauthorized data access or modification.
The exploit timeline for CVE-2025-1094 is notable, with proof-of-concept (PoC) exploits available for over two months before the vulnerability was publicly disclosed on February 13, 2025. The Exploit Prediction Scoring System (EPSS) rates the likelihood of exploitation at 0.831, indicating a high probability of attackers leveraging this flaw. At least one exploit has been confirmed in the wild, underscoring the urgency for organizations to address this vulnerability.
The US Treasury hack highlights the real-world impact of CVE-2025-1094. Attackers reportedly used this zero-day vulnerability to gain unauthorized access to sensitive systems, demonstrating the potential consequences of delayed patching and inadequate input validation. This incident serves as a stark reminder of the critical need for robust security practices and timely vulnerability management.
Organizations using PostgreSQL should immediately assess their systems for exposure to CVE-2025-1094. Mitigation strategies include applying available patches, reviewing and updating input validation processes, and monitoring for unusual database activity that could indicate exploitation attempts. Given the severity and active exploitation of this vulnerability, swift action is essential to protect sensitive data and maintain system integrity.
While the PostgreSQL community has been alerted to the risks associated with CVE-2025-1094, the responsibility ultimately falls on individual organizations to implement necessary defenses. As attackers continue to exploit known vulnerabilities, maintaining a proactive security posture is crucial in safeguarding against potential breaches.
CSURFACE