CVE-2025-55282 aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of searchpath restriction, an attacke...

CVE-2025-55282

The CVE-2025-55282 issue affects aiven-db-migrate (prior to 1.0.7). A privilege-escalation flaw exists due to a lack of search_path restriction during migrations from untrusted sources, enabling a user to override pg_catalog and execute untrusted operators as a PostgreSQL superuser. This is fixed...

aiven-db-migrate 命令注入漏洞

aiven-db-migrate is an Aiven open source application. A command injection vulnerability exists in aiven-db-migrate versions prior to 1.0.7, which stems from an elevation of privilege vulnerability that could lead to superuser privilege acquisition...

PT-2025-33673 · Aiven · Aiven-Db-Migrate

Name of the Vulnerable Software and Affected Versions: aiven-db-migrate versions prior to 1.0.7 Description: aiven-db-migrate is a database migration tool. A privilege escalation issue exists that could allow elevation to superuser inside PostgreSQL databases during a migration from an untrusted...