Linux Distros Unpatched Vulnerability : CVE-2022-2625

🗓️ 20 Aug 2025 00:00:00Reported by TenableType

Linux PostgreSQL CVE-2022-2625 unpatched; arbitrary code as victim role if three prerequisites met.

Reporter	Title	Published	Views	Family All 215
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance	11 Jan 202416:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.	9 Jan 202420:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities	13 Feb 202313:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677)	30 Mar 202316:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9	8 Dec 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple PostgreSQL Vulnerability affects IBM Storage Scale System (CVE-2023-2454, CVE-2022-2625)	22 Dec 202317:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625)	29 Nov 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management	9 Dec 202214:16	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package postgresql12 version 12.12-alt1	18 Aug 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package postgresql12-1C version 12.11-alt0.M90P.3	1 Sep 202200:00	–	altlinux

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2022-2625
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(252672);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/20");

  script_cve_id("CVE-2022-2625");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2022-2625");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects
    in at least one schema, the ability to lure or wait for an administrator to create or update an affected
    extension in that schema, and the ability to lure or wait for a victim to use the object targeted in
    CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to
    run arbitrary code as the victim role, which may be a superuser. (CVE-2022-2625)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2022-2625");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2625");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.5");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "libecpg-compat3"},
          {"reference": "libecpg-dev"},
          {"reference": "libecpg6"},
          {"reference": "libpgtypes3"},
          {"reference": "libpq-dev"},
          {"reference": "libpq5"},
          {"reference": "postgresql-9.3"},
          {"reference": "postgresql-9.3-dbg"},
          {"reference": "postgresql-client-9.3"},
          {"reference": "postgresql-contrib-9.3"},
          {"reference": "postgresql-doc-9.3"},
          {"reference": "postgresql-plperl-9.3"},
          {"reference": "postgresql-plpython-9.3"},
          {"reference": "postgresql-plpython3-9.3"},
          {"reference": "postgresql-pltcl-9.3"},
          {"reference": "postgresql-server-dev-9.3"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libecpg-compat3"},
          {"reference": "libecpg-dev"},
          {"reference": "libecpg6"},
          {"reference": "libpgtypes3"},
          {"reference": "libpq-dev"},
          {"reference": "libpq5"},
          {"reference": "postgresql-9.5"},
          {"reference": "postgresql-9.5-dbg"},
          {"reference": "postgresql-client-9.5"},
          {"reference": "postgresql-contrib-9.5"},
          {"reference": "postgresql-doc-9.5"},
          {"reference": "postgresql-plperl-9.5"},
          {"reference": "postgresql-plpython-9.5"},
          {"reference": "postgresql-plpython3-9.5"},
          {"reference": "postgresql-pltcl-9.5"},
          {"reference": "postgresql-server-dev-9.5"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

20 Aug 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.18

EPSS0.0152