PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Attackers can exploit this vulnerability to execute arbitrary SQL statements and achieve arbitrary code execution (ACE) by leveraging psql’s meta-command functionality. Meta-commands, identified by the exclamation mark (!), allow the execution of operating system shell commands directly from the interactive tool. Exploitation can lead to significant risks, including unauthorized database access and full system compromise through shell command execution. This vulnerability was found by Stephen Fewer, Principal Security Researcher at Rapid7.

CVE-2025-1094 plays a critical role in enabling remote code execution via CVE-2024-12356. The discovery highlights the interconnected nature of these vulnerabilities, as successful exploitation of CVE-2024-12356 required leveraging CVE-2025-1094 in all tested scenarios. A Metasploit module targeting CVE-2025-1094 has been developed, enabling exploitation against vulnerable BeyondTrust systems.

The PostgreSQL Global Development Group has issued advisories detailing the fixes and providing guidance on security practices. Organizations using PostgreSQL should act swiftly to patch their systems and review their security protocols to prevent exploitation of such vulnerabilities in the future.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Feb 2025 07:30:57 +0000


Cyber News related to PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

15 PostgreSQL Monitoring Tools - 2025 - What is Good? What Could Be Better? Monitoring application performance, user experience, and errors. Some users find the pricing high, especially for larger environments. Continuous server, database, and infrastructure monitoring. The extensive feature ...
8 months ago Cybersecuritynews.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
1 year ago Unit42.paloaltonetworks.com
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack - This campaign underscores critical cloud security gaps: 90% of environments host PostgreSQL instances, many with inadequate access controls. ...
9 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
9 months ago Cybersecuritynews.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
9 months ago Cybersecuritynews.com
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
10 months ago Bleepingcomputer.com CVE-2025-1094 CVE-2024-12356 CVE-2024-12686
Appsmith Developer Tool Vulnerability Let Attackers Execute Remote Code - CVE-2024-55964: An Insecure Direct Object Reference vulnerability allowed users with minimal “App Viewer” permissions to access SQL databases by exploiting predictable datasource IDs and the ...
9 months ago Cybersecuritynews.com CVE-2024-55964
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
5 months ago Cybersecuritynews.com
10 Best IT Asset Management Tools - 2025 - What is Good? What Could Be Better? Atera can seamlessly service and monitor Linux, Mac, and Windows systems. Sometimes, when deploying an update, patch management will fail. Using an administrator terminal, keep an eye on IT asset activity remotely. The ...
9 months ago Cybersecuritynews.com
CVE-2024-48919 - Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K ...
1 year ago
15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
5 months ago Cybersecuritynews.com
CVE-2020-36128 - Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. This allows the store to identify the terminal and ...
4 years ago
Top 10 Best Active Directory Management Tools in 2025 - SolarWinds Access Rights Manager (ARM) is a robust Active Directory management tool designed to enhance security and simplify user permissions management. Dameware Remote Everywhere (DRE) is a powerful Active Directory management tool that provides ...
9 months ago Cybersecuritynews.com
Best Paid and Free OSINT Tools for 2024 - Open Source Intelligence tools are software applications or platforms used to collect, analyze, and interpret publicly available information from various online sources, aiding in investigations, research, and intelligence gathering. These OSINT ...
1 year ago Hackread.com
CVE-2025-1094 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. ...
11 months ago Tenable.com
CVE-2024-4317 - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may ...
1 year ago Tenable.com
What are OSINT Tools - Open Source Intelligence (OSINT) tools are incredibly useful for companies, organizations, cybersecurity researchers, and students. This article will discuss the 15 best OSINT tools that can be used for investigations and educational purposes. OSINT ...
2 years ago Hackread.com
CVE-2022-45786 - There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to ...
2 years ago
Open Source B3 Benchmark Security Tool Gains Traction in Cybersecurity Community - The cybersecurity community is witnessing a significant advancement with the introduction of the open-source B3 Benchmark Security tool. This innovative solution is designed to enhance security benchmarking processes, providing organizations with a ...
2 months ago Infosecurity-magazine.com
CVE-2017-6041 - An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, ...
6 years ago
CVE-2016-9358 - A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, ...
6 years ago
Kaspersky releases free tool that scans Linux for known threats - Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. Kaspersky's new tool isn't a real-time threat protection tool but a ...
1 year ago Bleepingcomputer.com
CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com
10 Best Free Blue Team Tools in 2025 - IT security experts utilize blue team tools to protect against simulated cyber threats launched by the “red team” to improve cybersecurity and penetration testing procedures. Sigma is a blue team tool for creating and using signatures ...
9 months ago Cybersecuritynews.com