CVE-2025-1094: PostgreSQL psql SQL injection (FIXED) | Rapid7 Blog

Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, in PostgreSQL’s interactive tool psql. The vulnerability, which allows arbitrary code execution, was exploited in conjunction with CVE-2024-12356, an unauthenticated RCE vulnerability in BeyondTrust products. PostgreSQL users should upgrade to version 17.3, 16.7, 15.11, 14.16, or 13.19 to remediate the issue.
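To check a fleet against the fixed releases listed above, the following Python is an added example, not code from the Rapid7 post or the PostgreSQL project. It classifies version strings as printed by `psql --version` or `SELECT version()`; the host names and sample strings are constructed, and branches the post does not list are reported as `unlisted` rather than guessed.

```python
import re

# First fixed minor release per major branch, exactly as listed in the post.
FIXED_MINOR = {17: 3, 16: 7, 15: 11, 14: 16, 13: 19}

# Matches "psql (PostgreSQL) 16.6 (Ubuntu ...)" and "PostgreSQL 15.11 on x86_64-..."
_RELEASE_RE = re.compile(r"PostgreSQL\)?\s+(\d+)\.(\d+)")
# Pre-release builds ("17beta2", "17rc1", "17devel") carry no minor number.
_PRERELEASE_RE = re.compile(r"PostgreSQL\)?\s+(\d+)(?:devel|alpha|beta|rc)\d*")


def classify(version_string):
    """Return 'patched', 'needs-upgrade', 'unlisted' or 'unparseable'."""
    m = _RELEASE_RE.search(version_string)
    if m:
        major, minor = int(m.group(1)), int(m.group(2))
    else:
        pre = _PRERELEASE_RE.search(version_string)
        if not pre:
            return "unparseable"
        # A pre-release of a branch predates every minor release of that branch.
        major, minor = int(pre.group(1)), -1
    if major not in FIXED_MINOR:
        # The post names no fixed version for this branch; do not guess.
        return "unlisted"
    # Compare as integers: 15.9 is older than 15.11.
    return "patched" if minor >= FIXED_MINOR[major] else "needs-upgrade"


def audit(inventory):
    """Return {host: status} for every host not confirmed patched."""
    findings = {}
    for host, version_string in inventory.items():
        status = classify(version_string)
        if status != "patched":
            findings[host] = status
    return findings


# Constructed sample inventory (host names and strings are illustrative).
SAMPLE_INVENTORY = {
    "db-a": "psql (PostgreSQL) 16.6 (Ubuntu 16.6-0ubuntu0.24.04.1)",
    "db-b": "psql (PostgreSQL) 17.3",
    "db-c": "PostgreSQL 13.19 on x86_64-pc-linux-gnu, compiled by gcc",
    "db-d": "psql (PostgreSQL) 12.22",
    "db-e": "psql (PostgreSQL) 17beta2",
    "db-f": "sh: psql: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```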
