CVE-2025-1094— PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

CVSS 8.1 · High EPSS 82.36% · P99 Updated Mar 14, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-1094

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

引号语法转义处理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

PostgreSQL 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性，例如外键、触发器、视图等。 PostgreSQL存在安全漏洞，该漏洞源于libpq中存在引号语法中和不当，会导致SQL注入。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	PostgreSQL	17 ~ 17.3	-

II. Public POCs for CVE-2025-1094

#	POC Description	Source Link	Shenlong Link
1	WebSocket and SQL Injection Exploit Script	https://github.com/soltanali0/CVE-2025-1094-Exploit	POC Details
2	CVE-2025-1094 Exploit SQL Injection to RCE via WebSocket in PostgreSQL	https://github.com/shacojx/CVE-2025-1094-Exploit	POC Details
3	None	https://github.com/ishwardeepp/CVE-2025-1094-PoC-Postgre-SQLi	POC Details
4	It is an input sanitization flaw caused by an encoding mismatch, allowing crafted input to bypass filters. If a server is vulnerable, an attacker can inject malicious SQL that the backend executes.	https://github.com/aninfosec/CVE-2025-1094	POC Details
5	CVE-2025-1094	https://github.com/B1ack4sh/Blackash-CVE-2025-1094	POC Details
6	None	https://github.com/PinkArmor/CVE-2025-1094-Lab-Setup	POC Details
7	CVE-2025-1094	https://github.com/Ashwesker/Blackash-CVE-2025-1094	POC Details
8	CVE-2025-1094	https://github.com/Ashwesker/Ashwesker-CVE-2025-1094	POC Details
9	🔒 CVE-2025-1094 PostgreSQL Multi-byte SQL Injection Demo \| Educational security research project with full documentation	https://github.com/Nguyen-Van-Gia-Binh/Fcode-Security-Demo	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-1094

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-02-13 · 37 CVEs total

CVE-2024-37600	6.8 MEDIUM	Mercedes-Benz NTG 安全漏洞
CVE-2024-37602	4.6 MEDIUM	Mercedes-Benz NTG 安全漏洞
CVE-2024-56908		Perfex CRM 安全漏洞
CVE-2023-34404		Mercedes-Benz NTG 安全漏洞
CVE-2023-34401		Mercedes-Benz NTG 安全漏洞
CVE-2023-34406		Mercedes-Benz NTG 安全漏洞
CVE-2023-34403		Mercedes-Benz NTG 安全漏洞
CVE-2024-37601		Mercedes-Benz NTG 安全漏洞
CVE-2024-37603		Mercedes-Benz NTG 安全漏洞
CVE-2023-34402		Mercedes-Benz NTG 安全漏洞
CVE-2024-57782		docker-proxy 安全漏洞
CVE-2024-53310		Effectmatrix Total Video Converter Command Line 安全漏洞
CVE-2024-53309		EffectMatrix Total Video Converter Command Line 安全漏洞
CVE-2025-22961		GatesAir Maxiva 安全漏洞
CVE-2025-22960		GatesAir Maxiva 安全漏洞
CVE-2024-53311		Immunity Debugger 安全漏洞
CVE-2025-22962		GatesAir Maxiva 安全漏洞
CVE-2024-54951		Monica 安全漏洞
CVE-2025-25357		PHPGurukul Land Record System 安全漏洞
CVE-2025-25897		TP-LINK TL-WR841ND 安全漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: PostgreSQL

Same vendor: n/a

Same weakness: CWE-149

V. Comments for CVE-2025-1094

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-1094— PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

I. Basic Information for CVE-2025-1094

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2025-1094

III. Intelligence Information for CVE-2025-1094

Same Patch Batch · n/a · 2025-02-13 · 37 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-1094

Leave a comment