CyberSecurity news

@csoonline.com - 14d
A critical vulnerability, CVE-2025-1094, has been disclosed in the open-source database PostgreSQL. The flaw is an SQL injection affecting psql, PostgreSQL's interactive terminal, and it was exploited as a zero-day in combination with CVE-2024-12356, a separate zero-day in BeyondTrust Remote Support. Chained together, the two bugs gave attackers remote code execution on the targeted systems.

Rapid7 researchers found that the flaw lies in how PostgreSQL's string-escaping functions (the libpq routines that psql relies on) handle malformed UTF-8: an invalid multibyte sequence can cause a quote character to be copied into the escaped output without being escaped, and psql, which does not read the bytes the same way, then treats that quote as the end of the string. Whatever the attacker places after it is consumed by psql as further input, and because psql meta-commands such as `\!` run operating-system commands, an injection here becomes code execution. The vulnerability was leveraged in attacks on the U.S. Treasury Department, which underlines its severity. PostgreSQL has fixed the issue in 13.19, 14.16, 15.11, 16.7, and 17.3; anyone running an earlier release in those branches should apply the update immediately.
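The encoding mismatch behind the flaw, as an added illustration written for this page rather than code from PostgreSQL, libpq, psql or Rapid7: a pure-Python model of an escaper that trusts a UTF-8 lead byte and copies the announced bytes verbatim, next to a lexer that is not multibyte-aware inside a quoted string, plus a small check of a `psql --version` string against the fixed releases listed above. The function names, the `FIXED_MINOR` table (built from the versions named in this article) and the payload bytes are assumptions made for the demo; the real code paths are C.

```python
# Added illustration for this write-up; not PostgreSQL, libpq or psql code.
# Models the mismatch between an escaper that trusts UTF-8 lead bytes and a
# quote-terminated lexer that does not. Names and payloads are assumptions.
from __future__ import annotations

import re


def utf8_seq_len(lead: int) -> int:
    """Length of the UTF-8 sequence announced by a lead byte (1 for ASCII,
    stray continuation bytes and anything that is not a valid lead byte)."""
    if 0xC0 <= lead < 0xE0:
        return 2
    if 0xE0 <= lead < 0xF0:
        return 3
    if 0xF0 <= lead < 0xF8:
        return 4
    return 1


def escape_literal_vulnerable(raw: bytes) -> bytes:
    """Pre-patch model: single quotes are doubled, but when a lead byte
    announces a multibyte character the announced bytes are copied without
    checking that they really are continuation bytes. A quote sitting right
    after a stray 0xC0 is swallowed into the 'character' and never doubled."""
    out = bytearray(b"'")
    i = 0
    while i < len(raw):
        n = utf8_seq_len(raw[i])
        if n == 1:
            out += b"''" if raw[i] == 0x27 else bytes([raw[i]])
            i += 1
        else:
            out += raw[i:i + n]  # copied blindly, a following quote included
            i += n
    out += b"'"
    return bytes(out)


def escape_literal_fixed(raw: bytes) -> bytes:
    """Post-patch model: the input must be valid UTF-8 before any quoting
    decision is made; invalid sequences are rejected outright."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError(f"invalid UTF-8 at byte offset {exc.start}") from None
    return b"'" + raw.replace(b"'", b"''") + b"'"


def psql_read_literal(sql: bytes) -> tuple[bytes, bytes]:
    """Model of a byte-oriented lexer reading a quoted literal: it does not
    skip over multibyte characters, so the first quote that is not doubled
    ends the literal. Returns (literal body, remaining input); the remainder
    is what the terminal would go on to interpret as further commands."""
    if sql[:1] != b"'":
        raise ValueError("expected a quoted literal")
    body = bytearray()
    i = 1
    while i < len(sql):
        if sql[i] == 0x27:
            if sql[i + 1:i + 2] == b"'":  # doubled quote -> literal quote
                body.append(0x27)
                i += 2
                continue
            return bytes(body), sql[i + 1:]
        body.append(sql[i])
        i += 1
    raise ValueError("unterminated literal")


# Minimum fixed minor release per major branch, from the versions named above.
FIXED_MINOR = {13: 19, 14: 16, 15: 11, 16: 7, 17: 3}


def is_fixed_version(version_string: str) -> bool:
    """True if a `psql --version`-style string ("psql (PostgreSQL) 16.6")
    names a release at or above the fix for its branch. Branches not in the
    table (end-of-life or unknown) are reported as not fixed."""
    m = re.search(r"(\d+)\.(\d+)", version_string)
    if not m:
        return False
    major, minor = int(m.group(1)), int(m.group(2))
    return major in FIXED_MINOR and minor >= FIXED_MINOR[major]


if __name__ == "__main__":
    benign = b"O'Reilly"
    hostile = b"\xc0'; SELECT 1 --"  # constructed payload for the demo
    print(psql_read_literal(escape_literal_vulnerable(benign)))
    print(psql_read_literal(escape_literal_vulnerable(hostile)))
    try:
        escape_literal_fixed(hostile)
    except ValueError as exc:
        print("fixed escaper rejects payload:", exc)
```

Run it directly to see both cases: with the vulnerable escaper the remainder returned by `psql_read_literal` for the hostile input is text the terminal would go on to execute, which is the injection, while the patched escaper refuses the input before it is ever quoted. In the real attack that remainder can be a psql meta-command rather than SQL, which is how the injection turned into command execution.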

References :
  • The Hacker News: PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
  • www.csoonline.com: PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks
  • MSSP feed for Latest: New PostgreSQL Zero-Day Potentially Leveraged in BeyondTrust Attacks
  • www.scworld.com: New PostgreSQL zero-day potentially leveraged in BeyondTrust attacks
  • securityaffairs.com: Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
  • Talkback Resources: Rapid7 discovered a zero-day vulnerability in PostgreSQL's psql terminal (CVE-2025-1094) enabling SQL injection, exploited in attacks on BeyondTrust Remote Support systems, compromising US Treasury Department machines.