CVE-2025-0218

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-0218
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0218.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0218
Downstream
Published
2025-01-07T20:15:30Z
Modified
2025-11-05T11:10:17.514443Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

References

Affected packages

Git / github.com/pgadmin-org/pgagent

Affected ranges

Type
GIT
Repo
https://github.com/pgadmin-org/pgagent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1ecd193a2be3a3dc9e98f369495e1a792e6d508c

Affected versions

Other

REL-2_0_0
REL-2_0_1
REL-3_2_0
REL-3_2_1
REL-3_4_0
REL-3_4_1
REL-4_0_0
REL-4_2_1
REL-4_2_2

pgagent-4.*

pgagent-4.2.2

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 492.0,
            "function_hash": "1835119245256153405997425644123068543"
        },
        "target": {
            "function": "getTemporaryDirectoryPath",
            "file": "misc.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c",
        "id": "CVE-2025-0218-525e9642",
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 6091.0,
            "function_hash": "335462314302545063913539919337270602505"
        },
        "target": {
            "function": "Job::Execute",
            "file": "job.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c",
        "id": "CVE-2025-0218-a0762d55",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "229200147531046160902493604255118074719",
                "183345290532624358964324276676284827894",
                "156188190270451113089501170291795228028",
                "2314879359120232173370329923831218669",
                "25298593483123711284070613926128330561",
                "275749383108093066233425816703678990015",
                "251062331805773792301344390058748232463",
                "142960844656879048894083234795690168546",
                "109786182447178959485470210824636833758",
                "337927240740305357141679129435610987068",
                "13772350177600271247421938267502228938",
                "35044773019672907239362682094167993426",
                "116856469085373958944709104795212538094",
                "260126405631445308740075747685302983058",
                "79273103622214611733730125084056313558",
                "206917705309117588590416782640681497793",
                "338612570098024663322574890019805492901",
                "68540117784340556453163261058279447833",
                "270358022894867857200889747624721843961",
                "222337508740524407296026715528482745759",
                "62583969161337150001838871723074871040",
                "254300117729483910287110153587596560816",
                "76046710304268122620552705676519546186",
                "123178781256997833542113148739295193330",
                "166440642014334952526362101448106083272",
                "131741919555775543567653073942404214991",
                "318007559549461446432471974376465167447",
                "275962370253876230521935839972595050800",
                "173827081675774827838587112942578184561",
                "202662073356030555531906305574012798447",
                "158423022808056472264796967519758871486",
                "142595653203600389382272610283245096181",
                "158225096545131871376219266092694764693",
                "194763281134755528485333792304176009312",
                "91043655820009401375416792434926435478"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "misc.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c",
        "id": "CVE-2025-0218-af62e5ce",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "210008508388496081508240084368107575731",
                "336657679750670117782592887239531158685",
                "57882587410724121640535992651394393358",
                "68047834017858329208899003896524466607"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "include/misc.h"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c",
        "id": "CVE-2025-0218-ba485695",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "47762892048336519957711524937998527220",
                "191883852719602508320378617637892701320",
                "322505436786826695070018535671530889471",
                "91197846562439768821952088872915194905",
                "315992833472746755819610297575515699824",
                "5995875553118554529047239160102673444",
                "157725538112459129917917772934668460462",
                "250008722541997269374823362913857768920",
                "185093319027153246349213046886921512198",
                "191547761909935330260313384757033084846",
                "155437952988227879875266706782125337503",
                "232148196336171808944387738194054509147",
                "52065626433010614482837554557075943084",
                "235260981697014816410328568981454012832",
                "58688494835584756134376674950418468668",
                "237569108181940859705551783364474549371",
                "37167577497664354605196474297060606042",
                "168927159422174343462696038077498769251",
                "17936233859613789214004561190329557277",
                "104004579748622323766886277180777948615",
                "285648685985130857200192901451041261915",
                "58294051699102810572148802857713184275",
                "14550203469131380638403006475039775006",
                "163162393621621879063366259288900248428",
                "68738990521230231424626464113156652082",
                "166950369836097051841516141178737489724",
                "260699046775539595855148962429708366144",
                "260597316510246566879125710244005376341",
                "26992961620940957301934095152420342394",
                "257987945425035251927942932431703422141",
                "39607434840281729389339130736289963056",
                "115327706523679188074009387850639881018",
                "279516146005406627915149673924715454544",
                "252928312934724663669498694374395970590",
                "79995246530973379217648908385489073606",
                "279210986947710158469980831128390892646",
                "163051165212194622954930315620820802062",
                "116620723309104376759973830657049367682",
                "47450252272153415275917341795109659596",
                "109783907043955604097011419569541290369",
                "2574396394249767278891514972381747292",
                "53768381647867149984209342481888248652",
                "257959721145342621727526981187179353345",
                "73674571928806910599201830339054726743",
                "169366579437228466207080257730871156368",
                "168130234787215140926873458111780546958",
                "326681522266165733654933854941757466992",
                "131011774979174602708191886768170888885",
                "212939156150692092952143853196738096903",
                "259656162187297823432324034800628697618",
                "110896551057513410220557661242771699739",
                "80538305547321385975395930767154190114",
                "270384419605584432371810251421733169599",
                "50295708998478476348059199060409499945",
                "306910496774991031601983522881003913465",
                "285547730078263603847839845295753287551"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "job.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c",
        "id": "CVE-2025-0218-e5d01477",
        "signature_type": "Line"
    }
]