CVE-2024-12356

crstux

🔥Top10TrendingCVEs(12/02/2026)

crstux

🔥Top10TrendingCVEs(11/02/2026)

crstux

🔥Top10TrendingCVEs(10/02/2026)

syedaquib77

Vulnerability Alert: PostgreSQL Zero-Day Vulnerability Timeline: Disclosure: 2025-01-29, Patch: 2025-02-13 Attribution: Rapid7 Detailed Summary: CVE-2025-1094 is a high-severity SQL injection vulnerability affecting PostgreSQL's psql tool. It arises due to incorrect handling of untrusted input by PostgreSQL's string escaping routines, allowing an attacker to perform meta-commands and execute arbitrary operating system commands. The vulnerability was reported by Rapid7 during research on another related vulnerability (CVE-2024-12356). Mitigation is to upgrade to fixed versions as listed. Attack Vectors: - SQL Injection - Remote Code Execution Impact Scope: Exploitation leads to unauthorized system access and execution of arbitrary commands. Recommended Actions: Upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16, or 13.19 to mitigate this vulnerability. Related Resources: - https://www.postgresql.]org/support/security/CVE-2025-1094/ - https://attackerkb.]com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis - https://www.securityweek.]com/rapid7-flags-new-postgresql-zero-day-connected-to-beyondtrust-exploitation/ Tags: #vulnerability #zeroday #PostgreSQL #BeyondTrust #SQLinjection #remotecodeexecution #psql #CVE-2025-1094 #CVE-2024-12356 #CVE-2024-12686 #UTF-8 #Metasploit #Cybersecurity

rst_cloud

#threatreport #LowCompleteness BeyondTrust Security Incident - Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) | 20-12-2024 Source: https://t.co/uLKdPad6AD Key details below ↓ Threats: Beyondtrust_tool, CVEs: CVE-2024-12686 \[[Vulners](https://t.co/zBJSuoanCL)] - CVSS V3.1: *6.6*, - Vulners: Exploitation: Unknown CVE-2024-12356 \[[Vulners](https://t.co/PiyU8ql7Kb)] - CVSS V3.1: *9.8*, - Vulners: Exploitation: True LLM extracted TTPs:` T1059, T1078 IOCs: - IP: 4 #threatreport: The main idea of the text is that BeyondTrust's Privileged Remote Access and Remote Support solutions have been discovered to have critical vulnerabilities (CVE-2024-12356 and CVE-2024-12686) that expose organizations to cybersecurity risks, allowing attackers to execute arbitrary commands and compromise enterprise systems. Remediation efforts were promptly initiated by BeyondTrust, and organizations are advised to apply patches promptly or discontinue product use to mitigate potential threats effectively.

oss_security

CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection https://t.co/T4q2691aKX Related to BeyondTrust CVE-2024-12356 (CVSS 9.8, linked to a high-profile attack on the U.S. Treasury Department)