THREATINT
PUBLISHED

CVE-2025-31480

aiven-extras allows PostgreSQL Privilege Escalation through format function



Description

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed, so the call is resolved through the caller's search path. Affected users should install version 1.1.16 and ensure the extension actually runs that version by issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database in which aiven_extras has been installed.
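The pattern behind the advisory, shown as an added example that is not aiven-extras code: an unqualified format() call inside a privileged function next to the schema-qualified, search_path-pinned form, followed by two audit queries. The function names are hypothetical, and the example assumes the call runs in a SECURITY DEFINER function, which the advisory text does not state.

```sql
-- Added example, not code from aiven-extras. Function names are hypothetical;
-- SECURITY DEFINER is an assumption about how an unqualified call becomes a
-- privilege escalation (CWE-426, untrusted search path).

-- Weak pattern: an unqualified format() resolves through the caller's
-- search_path, so a schema listed before pg_catalog can supply a different
-- function named "format" that runs with the definer's privileges.
CREATE FUNCTION demo_weak(tbl text) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
  EXECUTE format('ANALYZE %I', tbl);
END $$;

-- Hardened pattern: schema-qualify the call and pin search_path for the
-- function, so name resolution no longer depends on the caller's settings.
CREATE FUNCTION demo_hardened(tbl text) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp AS $$
BEGIN
  EXECUTE pg_catalog.format('ANALYZE %I', tbl);
END $$;

-- Check 1: confirm the extension version actually installed in this database
-- (repeat in every database that has aiven_extras, as the advisory requires).
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'aiven_extras';

-- Check 2: list SECURITY DEFINER functions that do not pin search_path,
-- i.e. proconfig is NULL or contains no search_path entry.
SELECT n.nspname, p.proname
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
    SELECT 1 FROM unnest(p.proconfig) AS c WHERE c LIKE 'search_path=%'
  )
  AND n.nspname NOT IN ('pg_catalog', 'information_schema');
```

Check 2 is a general audit and will also list functions outside aiven_extras; the extversion returned by Check 1 should read 1.1.16 or later once the update has been applied.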

Reserved 2025-03-28 | Published 2025-04-04 | Updated 2025-04-04 | Assigner GitHub_M


CRITICAL: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Problem types

CWE-426: Untrusted Search Path

Product status

< 1.1.16: affected

References

github.com/...extras/security/advisories/GHSA-33xh-jqgf-6627

github.com/...ommit/77b5f19a0c1d196bc741ff5c774f85fe7ca3063b

cve.org (CVE-2025-31480)

nvd.nist.gov (CVE-2025-31480)

https://cve.threatint.eu/CVE/CVE-2025-31480