PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

This vulnerability was found by Stephen Fewer, Principal Security Researcher at Rapid7. Attackers can exploit this vulnerability to execute arbitrary SQL statements and achieve arbitrary code execution (ACE) by leveraging psql’s meta-command functionality. Meta-commands, identified by the exclamation mark (!), allow the execution of operating system shell commands directly from the interactive tool. Exploitation can lead to significant risks, including unauthorized database access and full system compromise through shell command execution.

CVE-2025-1094 plays a critical role in enabling remote code execution via CVE-2024-12356. The discovery highlights the interconnected nature of these vulnerabilities, as successful exploitation of CVE-2024-12356 required leveraging CVE-2025-1094 in all tested scenarios. A Metasploit module targeting CVE-2025-1094 has been developed, enabling exploitation against vulnerable BeyondTrust systems.

The PostgreSQL Global Development Group has issued advisories detailing the fixes and providing guidance on security practices. Organizations using PostgreSQL should act swiftly to patch their systems and review their security protocols to prevent exploitation of such vulnerabilities in the future.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News, covering various cyber security incidents happening in cyberspace. Cyber Security News is a dedicated news platform for cyber news, cyber attack news, hacking news and vulnerability analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Feb 2025 07:30:57 +0000


Cyber News related to PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
6 months ago Unit42.paloaltonetworks.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
2 weeks ago Cybersecuritynews.com
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack - This campaign underscores critical cloud security gaps: 90% of environments host PostgreSQL instances, many with inadequate access controls. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & ...
2 weeks ago Cybersecuritynews.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
3 weeks ago Cybersecuritynews.com
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
2 months ago Bleepingcomputer.com CVE-2025-1094 CVE-2024-12356 CVE-2024-12686
10 Best IT Asset Management Tools - 2025 - What is Good? What Could Be Better? Atera can seamlessly service and monitor Linux, Mac, and Windows systems. Sometimes, when deploying an update, patch management will fail. Using an administrator terminal, keep an eye on IT asset activity remotely. The ...
2 weeks ago Cybersecuritynews.com
Appsmith Developer Tool Vulnerability Let Attackers Execute Remote Code - CVE-2024-55964: An Insecure Direct Object Reference vulnerability allowed users with minimal “App Viewer” permissions to access SQL databases by exploiting predictable datasource IDs and the ...
4 weeks ago Cybersecuritynews.com CVE-2024-55964
CVE-2024-48919 - Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K ...
6 months ago
Top 10 Best Active Directory Management Tools in 2025 - SolarWinds Access Rights Manager (ARM) is a robust Active Directory management tool designed to enhance security and simplify user permissions management. Dameware Remote Everywhere (DRE) is a powerful Active Directory management tool that provides ...
2 weeks ago Cybersecuritynews.com
CVE-2020-36128 - Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. This allows the store to identify the terminal and ...
3 years ago
PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Attackers can exploit this vulnerability to execute arbitrary SQL statements and achieve arbitrary code execution (ACE) by ...
2 months ago Cybersecuritynews.com CVE-2024-12356 CVE-2025-1094
Best Paid and Free OSINT Tools for 2024 - Open Source Intelligence tools are software applications or platforms used to collect, analyze, and interpret publicly available information from various online sources, aiding in investigations, research, and intelligence gathering. These OSINT ...
1 year ago Hackread.com
CVE-2025-1094 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. ...
2 months ago Tenable.com
CVE-2024-4317 - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may ...
11 months ago Tenable.com
What are OSINT Tools - Open Source Intelligence (OSINT) tools are incredibly useful for companies, organizations, cybersecurity researchers, and students. This article will discuss the 15 best OSINT tools that can be used for investigations and educational purposes. OSINT ...
2 years ago Hackread.com
CVE-2022-45786 - There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to ...
2 years ago
CVE-2017-6041 - An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, ...
5 years ago
CVE-2016-9358 - A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, ...
5 years ago
CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com
Kaspersky releases free tool that scans Linux for known threats - Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. Kaspersky's new tool isn't a real-time threat protection tool but a ...
10 months ago Bleepingcomputer.com
10 Best Free Blue Team Tools in 2025 - IT security experts utilize blue team tools to protect against simulated cyber threats launched by the “red team” to improve cybersecurity and penetration testing procedures. Sigma is a blue team tool for creating and using signatures ...
2 weeks ago Cybersecuritynews.com
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
2 years ago Hackread.com
CVE-2019-10128 - A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ...
3 years ago
CVE-2019-10127 - A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In ...
3 years ago
Predator AI ChatGPT Integration Poses Risk to Cloud Services - Cybersecurity researchers at SentinelLabs have uncovered a new Python-based infostealer and hack tool named "Predator AI". The malicious tool is specifically designed to target cloud services and integrates artificial intelligence technology, ...
1 year ago Infosecurity-magazine.com