CVE-2025-12817

🗓️ 13 Nov 2025 13:00:12Reported by PostgreSQLType

Missing authorization in CREATE STATISTICS allows a table owner to block others by creating in any schema; later same-name creates by users with create privilege fail.

Reporter	Title	Published	Views	Family All 312
FreeBSD	PostgreSQL -- Multiple vulnerabilities	13 Nov 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to PostgreSQL	30 Dec 202516:26	–	ibm
Tenable Nessus	Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2025-1300)	9 Dec 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2025-1313)	9 Dec 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2025-1314)	9 Dec 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2025-021 (ALASPOSTGRESQL14-2025-021)	8 Dec 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : postgresql (ALSA-2026:0491)	19 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : postgresql:15 (ALSA-2026:0492)	19 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : postgresql:16 (ALSA-2026:0493)	19 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : postgresql:16 (ALSA-2026:0519)	19 Jan 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "PostgreSQL",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "18.1",
        "status": "affected",
        "version": "18",
        "versionType": "rpm"
      },
      {
        "lessThan": "17.7",
        "status": "affected",
        "version": "17",
        "versionType": "rpm"
      },
      {
        "lessThan": "16.11",
        "status": "affected",
        "version": "16",
        "versionType": "rpm"
      },
      {
        "lessThan": "15.15",
        "status": "affected",
        "version": "15",
        "versionType": "rpm"
      },
      {
        "lessThan": "14.20",
        "status": "affected",
        "version": "14",
        "versionType": "rpm"
      },
      {
        "lessThan": "13.23",
        "status": "affected",
        "version": "0",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
postgresql	www.postgresql.org/support/security/CVE-2025-12817/

15 Apr 2026 00:35Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.13.1

EPSS0.00061

SSVC

CWE-862