Article Details
Scrape Timestamp (UTC): 2025-02-14 05:09:19.481
Source: https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html
Original Article Text
Click to Toggle View
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks. Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands," security researcher Stephen Fewer said. The cybersecurity company further noted that it made the discovery as part of its investigation into CVE-2024-12356, a recently patched security flaw in BeyondTrust software that allows for unauthenticated remote code execution. Specifically, it found that "a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution." In a coordinated disclosure, the maintainers of PostgreSQL released an update to address the problem in the following versions - The vulnerability stems from how PostgreSQL handles invalid UTF-8 characters, thus opening the door to a scenario where an attacker could exploit an SQL injection by making use of a shortcut command "\!", which enables shell command execution. "An attacker can leverage CVE-2025-1094 to perform this meta-command, thus controlling the operating system shell command that is executed," Fewer said. "Alternatively, an attacker who can generate a SQL injection via CVE-2025-1094 can execute arbitrary attacker-controlled SQL statements." The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting SimpleHelp remote support software (CVE-2024-57727, CVSS score: 7.5) to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by March 6, 2025.
Daily Brief Summary
Threat actors exploited a zero-day vulnerability in BeyondTrust products, impacting Privileged Remote Access and Remote Support.
A newly discovered SQL injection vulnerability in PostgreSQL, tagged as CVE-2025-1094, was simultaneously exploited.
CVE-2025-1094 allows attackers to execute arbitrary code by injecting SQL via PostgreSQL’s interactive tool psql.
The attack was identified during investigations into CVE-2024-12356, a patched flaw in BeyondTrust that allowed unauthenticated remote execution.
PostgreSQL has issued an update after discovering the flaw arises from incorrect handling of UTF-8 characters enabling SQL injections.
CVE-2025-1094 enables attackers to execute shell commands or SQL statements directly on the affected system.
This dual software vulnerability exploitation was part of broader security findings that also noted an exploited flaw in SimpleHelp remote support software required to be patched by federal agencies by March 2025.