Critical PostgreSQL Vulnerability CVE-2025-1094 Enables Remote Code Execution
Security Briefing
🔴 Critical
Executive Summary
A critical vulnerability in PostgreSQL's libpq client library (CVE-2025-1094) allows attackers to achieve remote code execution through a novel SQL injection vector that bypasses parameterized query protections. With a CVSS score of 8.1, this flaw affects all PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Active exploitation has been observed in the wild, particularly in combination with the BeyondTrust CVE-2024-12356 vulnerability.
⚡ Bottom line: Patch PostgreSQL immediately — this is being actively exploited in the wild.