CVE-2025-31480

Source
https://cve.org/CVERecord?id=CVE-2025-31480
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-31480.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-31480
Aliases
  • GHSA-33xh-jqgf-6627
Published
2025-04-04T14:49:30.863Z
Modified
2025-12-05T08:54:31.767587Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
aiven-extras allows PostgreSQL Privilege Escalation through format function
Details

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases where the aiven-extras package is installed. The vulnerability stems from the extension calling the format function without a schema prefix. Affected users should install 1.1.16 and ensure the database is running that version by issuing ALTER EXTENSION aivenextras UPDATE TO '1.1.16' after installing it. This must be done in each database in which aivenextras has been installed.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-426"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/31xxx/CVE-2025-31480.json"
}
References

Affected packages

Git / github.com/aiven/aiven-extras

Affected ranges

Type
GIT
Repo
https://github.com/aiven/aiven-extras
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.1.15
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-31480.json"