CVE-2025-8715 - PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server

First Published: 2025/08/14

Last Updated: 2025/08/14

Important: This is an assessment of the impact of CVE-2025-8715 on EDB products and services. It links to and details the CVE and supplements that information with EDB's own assessment.

Summary

Summary

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected.

Vulnerability details

CVE-ID: CVE-2025-8715

CVE Publish Date: 2025-08-14

CVSS Base Score: 8.8

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products and versions

PostgreSQL

• All versions prior to 17.6
• All versions prior to 16.10
• All versions prior to 15.14
• All versions prior to 14.19
• All versions prior to 13.22

EDB Postgres Extended Server

• All versions prior to 17.6.0
• All versions prior to 16.10.0
• All versions prior to 15.14.0
• All versions prior to 14.19.0
• All versions prior to 13.22

EDB Postgres Advanced Server

• All versions prior to 17.6.0
• All versions prior to 16.10.0
• All versions prior to 15.14.0
• All versions prior to 14.19.0
• All versions prior to 13.22

Remediation/fixes

EDB-Pgpool

EDB Postgres Extended Server

EDB Postgres Advanced Server

References

• CVSS Calculator v3.1
• https://www.postgresql.org/support/security/CVE-2025-8715/

Related information

• EnterpriseDB
• EDB Blogs link

Acknowledgement

Source: PostgreSQL project