A high-severity SQL injection vulnerability in psql, the interactive terminal shipped with the open-source PostgreSQL database, has been discovered by cyber security firm Rapid7.
During research into the exploitation of an unauthenticated remote code execution (RCE) vulnerability affecting BeyondTrust Privileged Remote Access (PRA) and BeyondTrust Remote Support (RS), Rapid7’s principal security researcher, Stephen Fewer, discovered an SQL injection vulnerability affecting psql, PostgreSQL’s interactive tool.
The high-severity bug, which has now been patched, was found while investigating the BeyondTrust vulnerability, CVE-2024-12356. Rapid7 said that in every scenario it tested, exploiting the BeyondTrust bug to achieve remote code execution also required exploiting the PostgreSQL bug, CVE-2025-1094.
According to Rapid7’s blog, CVE-2025-1094 is the result of the “incorrect assumption that when attacker-controlled untrusted input has been safely escaped via PostgreSQL’s string escaping routines, it cannot be leveraged to generate a successful SQL injection attack”.
That assumption fails because the escaping routines mishandle certain invalid multibyte sequences, such as malformed UTF-8: an invalid lead byte causes the byte that follows it to be copied through unescaped, and if that byte is a single quote it is never doubled. A string that has been “safely” escaped can therefore still close the quoted literal early, so SQL injection remains possible in that case.
“An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool’s ability to run meta-commands,” said Rapid7.
“Meta-commands extend the interactive tool’s functionality, by providing a wide variety of additional operations that the interactive tool can perform.
“The meta-command, identified by the exclamation mark symbol, allows for an operating system shell command to be executed.”
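To make the escaping flaw concrete, the following is an added example written for this article; it is not libpq or psql source code. It is a byte-level model of the class of bug described above: a quote-doubling escaper that trusts the UTF-8 lead byte and copies the sequence length it implies without validating the bytes, so a lone invalid lead byte “swallows” the quote after it. The payload bytes, the `escape_vulnerable`/`escape_fixed` names and the tiny client-side literal lexer are all constructed for illustration; the actual bytes used by Rapid7 and psql’s real lexer are not reproduced.

```python
# Added example (not libpq or psql code): model of the escaping flaw behind
# CVE-2025-1094. Names, payload and lexer are constructed for illustration.


def utf8_mblen(lead: int) -> int:
    """Sequence length implied by a UTF-8 lead byte (no check of what follows)."""
    if lead < 0x80:
        return 1
    if 0xC0 <= lead < 0xE0:
        return 2
    if 0xE0 <= lead < 0xF0:
        return 3
    if 0xF0 <= lead < 0xF8:
        return 4
    return 1  # stray continuation or out-of-range byte: treated as one byte


def escape_vulnerable(s: bytes) -> bytes:
    """Quote-doubling escaper in the pre-fix style: a multibyte sequence is copied
    verbatim for the length its lead byte claims, without validating the bytes."""
    out = bytearray()
    i = 0
    while i < len(s):
        n = utf8_mblen(s[i])
        if n == 1:
            out += b"''" if s[i] == 0x27 else bytes([s[i]])
        else:
            out += s[i:i + n]  # a quote inside this window is never doubled
        i += n
    return bytes(out)


def escape_fixed(s: bytes) -> bytes:
    """Hardened variant: reject input that is not valid UTF-8 before escaping,
    mirroring the patched behaviour of reporting an error rather than guessing.
    With valid UTF-8 a quote (0x27) can never sit inside a multibyte sequence,
    so the simple doubling loop is then correct."""
    try:
        s.decode("utf-8")
    except UnicodeDecodeError as e:
        raise ValueError(f"invalid multibyte sequence at byte {e.start}") from e
    return escape_vulnerable(s)


def build_statement(escape, user_input: bytes) -> bytes:
    """The exploitable pattern: escaped output spliced into text that will be fed
    to psql, which interprets backslash meta-commands client-side."""
    return b"SELECT '" + escape(user_input) + b"';"


def text_after_literal(stmt: bytes) -> bytes:
    """Byte-level lexing of a single-quoted literal, as a client-side lexer does:
    '' is an escaped quote, a lone ' closes the literal. Returns what follows."""
    i = stmt.index(b"'") + 1
    while i < len(stmt):
        if stmt[i] == 0x27:
            if i + 1 < len(stmt) and stmt[i + 1] == 0x27:
                i += 2
                continue
            return stmt[i + 1:]
        i += 1
    return b""


def demo() -> dict:
    benign = b"it's fine"
    # Constructed payload: a lone 0xC0 lead byte, the quote it will swallow, then
    # a psql meta-command. The command is harmless; the point is where it lands.
    payload = b"\xc0'\\! id"
    result = {
        "benign_tail": text_after_literal(build_statement(escape_vulnerable, benign)),
        "vulnerable_tail": text_after_literal(build_statement(escape_vulnerable, payload)),
    }
    try:
        escape_fixed(payload)
        result["fixed"] = "escaped without error"
    except ValueError as e:
        result["fixed"] = f"rejected: {e}"
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

With the vulnerable escaper the text after the literal begins with `\!`, which is exactly what a client-side interpreter would treat as a meta-command; the hardened escaper refuses the input outright, which is the behaviour to look for when checking whether an escaping layer is safe to put in front of psql.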
As a result, BeyondTrust’s patch for CVE-2024-12356 blocked the exploit chain, and with it exploitation of CVE-2025-1094 through that path, but the PostgreSQL bug itself remained a zero-day because that patch “did not address [its] root cause”.
Rapid7 said that PostgreSQL users should update to versions 17.3, 16.7, 15.11, 14.16 or 13.19 to prevent exploitation. The PostgreSQL project’s advisory locates the flaw in libpq’s quoting functions (PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn) and notes that injection requires an application to use their output to construct input for psql; applications that send parameterised queries straight to the server are not in that position.