CVE-2025-8713 Information
Description
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
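A scoping check for the description above, as an added example that is not part of the advisory or of PostgreSQL itself: it compares the running server against the fixed minor releases listed and inventories the two kinds of objects the description names (row-security tables in partitioning or inheritance hierarchies, and views). The status labels are constructed for this example, and the queries assume a role that can read the system catalogs in each database being checked.

```sql
-- 1. Compare the server version with the fixed releases named in the advisory
--    (17.6, 16.10, 15.14, 14.19, 13.22). server_version_num encodes 17.6 as 170006.
WITH v AS (SELECT current_setting('server_version_num')::int AS num)
SELECT num,
       CASE
         WHEN num >= 180000 THEN 'major version not listed in the advisory text'
         WHEN num >= 170006 THEN 'fixed'
         WHEN num >= 170000 THEN 'affected'
         WHEN num >= 160010 THEN 'fixed'
         WHEN num >= 160000 THEN 'affected'
         WHEN num >= 150014 THEN 'fixed'
         WHEN num >= 150000 THEN 'affected'
         WHEN num >= 140019 THEN 'fixed'
         WHEN num >= 140000 THEN 'affected'
         WHEN num >= 130022 THEN 'fixed'
         ELSE 'affected'            -- anything before 13.22
       END AS cve_2025_8713_status  -- constructed label, not a PostgreSQL field
FROM v;

-- 2. Tables with row security enabled that are a parent or child in a
--    partitioning or inheritance hierarchy (the RLS case in the description).
SELECT c.oid::regclass AS relation,
       c.relkind,                   -- 'r' = table, 'p' = partitioned table
       EXISTS (SELECT 1 FROM pg_inherits i WHERE i.inhparent = c.oid) AS has_children,
       EXISTS (SELECT 1 FROM pg_inherits i WHERE i.inhrelid  = c.oid) AS has_parent
FROM pg_class c
WHERE c.relrowsecurity
  AND c.relkind IN ('r', 'p')
  AND (EXISTS (SELECT 1 FROM pg_inherits i WHERE i.inhparent = c.oid)
    OR EXISTS (SELECT 1 FROM pg_inherits i WHERE i.inhrelid  = c.oid))
ORDER BY 1;

-- 3. User-defined views, whose ACLs are the other boundary named in the
--    description. Review which of them front tables that callers cannot read.
SELECT schemaname, viewname, viewowner
FROM pg_views
WHERE schemaname NOT IN ('pg_catalog', 'information_schema')
ORDER BY schemaname, viewname;
```

Queries 2 and 3 are an inventory to help prioritise the upgrade on affected servers; they do not indicate whether statistics were actually read.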
Reference
https://www.postgresql.org/support/security/CVE-2025-8713/
Related CNNVD
CNNVD-202508-1633 (Published: 2025-08-14)