CyberSecurity news

FlagThis - #sqlinjection

@csoonline.com //
A high-severity SQL injection vulnerability, identified as CVE-2025-1094, has been discovered in PostgreSQL's psql interactive tool. Rapid7 researchers found the flaw while analyzing a BeyondTrust zero-day (CVE-2024-12356): the threat actors who exploited that vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products during targeted attacks in December 2024 likely also exploited this previously unknown SQL injection flaw in PostgreSQL.

This vulnerability enables attackers to execute arbitrary SQL commands, potentially leading to OS command execution. The flaw stems from how PostgreSQL's string-quoting routines handle invalid UTF-8 input: text that fails encoding validation is not fully neutralized, so attacker-controlled input can break out of a quoted string and reach psql's "\!" meta-command, which runs a shell command. Rapid7 determined that successful exploitation of the BeyondTrust vulnerability required exploiting CVE-2025-1094 to achieve remote code execution. Patches have been released for PostgreSQL versions 13 through 17 to address this issue, and users are advised to upgrade their database servers immediately.

References :
  • The Register - Security: High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further. A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.…
  • Caitlin Condon: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵 on its relation to BeyondTrust exploitation
  • securityaffairs.com: Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7.
  • The Hacker News: Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
  • www.csoonline.com: PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks
  • infosec.exchange: New vuln disclosure c/o : CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting on its relation to BeyondTrust exploitation
  • MSSP feed for Latest: New PostgreSQL Zero-Day Potentially Leveraged in BeyondTrust Attacks
  • www.scworld.com: New PostgreSQL zero-day potentially leveraged in BeyondTrust attacks
  • Talkback Resources: Rapid7 discovered a zero-day vulnerability in PostgreSQL's psql terminal (CVE-2025-1094) enabling SQL injection, exploited in attacks on BeyondTrust Remote Support systems, compromising US Treasury Department machines.
  • Caitlin Condon: CVE-2025-1094 affects all supported versions of PostgreSQL
  • Open Source Security: Hi, As announced on February 13 in: This vulnerability is related to BeyondTrust CVE-2024-12356: In Caitlin Condon's words in the thread above: The referenced Rapid7 blog post:
  • www.postgresql.org: PostgreSQL security announcement about CVE-2025-1094.
  • Open Source Security: Re: CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection
  • securityonline.info: Metasploit-Ready: CVE-2025-1094 SQLi in PostgreSQL Exposes Systems to Remote Attacks
  • Caitlin Condon: Infosec.exchange post linking to various resources related to CVE-2025-1094 in PostgreSQL.
  • www.postgresql.org: PostgreSQL announcement about PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 releases fixing CVE-2025-1094
@www.heise.de //
A critical blind SQL injection vulnerability, identified as CVE-2025-22217, has been discovered in the VMware Avi Load Balancer. The flaw allows an attacker with network access to send specially crafted SQL queries and potentially gain unauthorized access to the underlying database, bypassing authentication and reading sensitive information stored there. Such access could lead to substantial data breaches and system compromise, making the flaw a major concern for organizations using Avi Load Balancer.

The vulnerability, which scores 8.6 on the CVSS scale, stems from insufficient input validation, allowing the injection of arbitrary SQL code. Broadcom, the vendor, urges users to apply the patches immediately, as no workarounds are available. The affected versions are in the 30.x range: 30.1.1, 30.1.2, 30.2.1 and 30.2.2 all require patching. Note that installations running 30.1.1 MUST first upgrade to at least 30.1.2 before the patch for this issue can be applied. Versions 22.x and 21.x are not susceptible to this particular flaw.

References :
  • securityaffairs.com: VMware fixed a flaw in Avi Load Balancer
  • socca.tech: CVE-2025-22217: (VMware Avi Load Balancer: High)
  • The Hacker News: Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
  • www.heise.de: VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer
  • heise online English: VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer
  • securityonline.info: VMware Avi Load Balancer Flaw (CVE-2025-22217) Exposes Networks to Blind SQLi Attacks
  • Security Risk Advisors: Critical SQL Injection Vulnerability Threatens VMware Avi Load Balancer Security
  • support.broadcom.com: Critical SQL Injection Vulnerability Threatens VMware Avi Load Balancer Security
@jocert.ncsc.jo //
A critical security vulnerability, CVE-2022-31631, has been identified in PHP that could expose websites and applications to SQL injection attacks. The vulnerability resides in the PDO::quote() function when used with SQLite databases: an integer overflow can cause the function to sanitize a string improperly, so the value it returns is not safely quoted. Successful exploitation could allow attackers to inject SQL, gain control of the database, steal sensitive data, or modify database content.

Users of PHP are urged to update to patched versions immediately. The vulnerability affects PHP 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2; the fix is included in PHP 8.0.27, 8.1.15 and 8.2.2 (or later). NetApp has issued an advisory, NTAP-20230223-0007, acknowledging the vulnerability in multiple NetApp products and stating that successful exploitation could lead to Denial of Service (DoS).

References :
  • cyble.com: CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch
  • security.netapp.com: Security Advisory for CVE-2022-31631