Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-12817— PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

CVSS 3.1 · Low EPSS 0.06% · P19
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-12817

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Source: NVD (National Vulnerability Database)
Vulnerability Description
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
PostgreSQL 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL存在安全漏洞,该漏洞源于CREATE STATISTICS命令缺少授权,可能导致拒绝服务攻击。以下版本受到影响:18.1之前版本、17.7之前版本、16.11之前版本、15.15之前版本、14.20之前版本和13.23之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-PostgreSQL 18 ~ 18.1 -

II. Public POCs for CVE-2025-12817

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-12817

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-11-13 · 39 CVEs total

CVE-2025-131307.8 HIGHRadarr Service Radarr.Console.exe default permission
CVE-2025-131317.8 HIGHSonarr Service Sonarr.Console.exe default permission
CVE-2025-128185.9 MEDIUMPostgreSQL libpq undersizes allocations, via integer wraparound
CVE-2025-131205.3 MEDIUMmruby array.c sort_cmp use after free
CVE-2025-60698D-Link DIR-882 安全漏洞
CVE-2025-47221Keyfactor SignServer 安全漏洞
CVE-2025-60684TOTOLINK LR1200GB 安全漏洞
CVE-2025-60691Linksys E1200 安全漏洞
CVE-2025-60699TOTOLINK A950RG 安全漏洞
CVE-2025-60685TOTOLINK A720R 安全漏洞
CVE-2025-60697D-Link DIR-882 安全漏洞
CVE-2025-60692Linksys E1200 安全漏洞
CVE-2025-60686ToToLink多款产品 安全漏洞
CVE-2025-60671D-Link DIR-823G 安全漏洞
CVE-2025-60672D-Link DIR-878 安全漏洞
CVE-2025-60687TOTOLINK LR1200GB 安全漏洞
CVE-2025-55810Alaga Home Security WiFi Camera 安全漏洞
CVE-2025-63406groupoffice 安全漏洞
CVE-2025-52186lila 安全漏洞
CVE-2025-47222Keyfactor SignServer 安全漏洞

Showing top 20 of 39 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: PostgreSQL
Same vendor: n/a
Same weakness: CWE-862

V. Comments for CVE-2025-12817

No comments yet

Leave a comment