BIT-postgresql-2025-12817

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2025-12817.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-postgresql-2025-12817
Aliases
  • CVE-2025-12817
Published
2025-11-21T08:47:36.690Z
Modified
2025-11-21T09:27:44.154213Z
Summary
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Details

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Database specific
{
    "severity": "Low",
    "cpes": [
        "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.23.0
Introduced
14.0.0
Fixed
14.20.0
Introduced
15.0.0
Fixed
15.15.0
Introduced
16.0.0
Fixed
16.11.0
Introduced
17.0.0
Fixed
17.7.0
Introduced
18.0.0
Fixed
18.1.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2025-12817.json"