Introduction
Attackers with access to a PostgreSQL origin server can embed malicious commands in database object names, leading to code execution on client systems during restoration. This vulnerability impacts routine backup and migration workflows, exposing both database and operating system environments to compromise.
PostgreSQL is a leading open source relational database system, powering applications for enterprises, governments, and startups worldwide. Its extensive feature set and reliability have made it a backbone for critical data infrastructure.
Technical Information
CVE-2025-8715 is a critical vulnerability in PostgreSQL's backup and migration utilities (pg_dump, pg_dumpall, pg_restore, pg_upgrade). The issue is rooted in improper neutralization of newline (CRLF) characters in database object names. Attackers with privileges to create or alter objects can craft names containing newline sequences followed by psql meta-commands (such as \! for shell execution).
When pg_dump or related tools export the database, these object names are written verbatim into the dump file. If the dump is later restored using psql, the embedded meta-commands are interpreted as commands by the psql client, executing with the privileges of the user running the restore. This enables arbitrary code execution on the client machine. Alternatively, attackers can inject SQL statements to be executed as a superuser on the target database during restoration.
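A defender can triage a plain-format dump before passing it to psql by looking for meta-command lines that a dump should not contain. The following is an added example, not code from PostgreSQL or from the original page; the allowlist, the function name scan_dump and the sample dump are assumptions constructed for illustration.

```python
import re

# Meta-commands a plain-format dump may legitimately contain (assumed allowlist;
# \restrict and \unrestrict are emitted by the fixed releases).
ALLOWED_META = {"connect", "restrict", "unrestrict"}
COPY_START = re.compile(r"^COPY\s.+\sFROM\s+stdin\b.*;\s*$", re.IGNORECASE)
META = re.compile(r"\\(\S*)")


def scan_dump(text):
    """Return (line_number, meta_command, line) for each unexpected psql
    meta-command found outside COPY data in a plain-format dump."""
    findings = []
    in_copy = False
    # Split on CR, LF and CRLF, since the bug is a CRLF neutralization issue (CWE-93).
    for lineno, line in enumerate(re.split(r"\r\n|\r|\n", text), 1):
        if in_copy:
            # COPY data rows may begin with a backslash (e.g. \N); "\." ends the block.
            if line == "\\.":
                in_copy = False
            continue
        if COPY_START.match(line):
            in_copy = True
            continue
        m = META.match(line.lstrip())
        if m and m.group(1) not in ALLOWED_META:
            findings.append((lineno, m.group(1), line))
    return findings


# Constructed sample: not output from a real pg_dump run.
SAMPLE_DUMP = (
    "\\connect appdb\n"
    "-- constructed line before an embedded line break\n"
    "\\! echo constructed-marker\n"
    "COPY public.orders (id, note) FROM stdin;\n"
    "\\N\tfirst column is NULL\n"
    "\\.\n"
    "-- constructed line with a bare carriage return\r\\i constructed.sql\n"
)

if __name__ == "__main__":
    for lineno, name, line in scan_dump(SAMPLE_DUMP):
        print(f"line {lineno}: unexpected \\{name}: {line!r}")
```

This is a triage heuristic: a backslash at the start of a line inside a multi-line string literal or function body is reported as well, so findings call for review of the dump rather than automatic rejection.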
The vulnerability is classified as CWE-93 (improper neutralization of CRLF sequences). It is a regression of CVE-2012-0868, which had previously addressed similar issues. The bug was reintroduced in PostgreSQL version 11.20 and persisted in all subsequent versions up to the fixed releases.
Affected Systems and Versions
- PostgreSQL pg_dump, pg_dumpall, pg_restore, pg_upgrade
- Affected versions: 11.20 up to, but not including, the fixed releases 17.6, 16.10, 15.14, 14.19 and 13.22
- Versions before 11.20 are not affected
Vendor Security History
PostgreSQL has a strong track record for security responsiveness. However, this vulnerability is a direct regression of CVE-2012-0868, which was fixed over a decade ago. The reintroduction of this class of bug highlights the ongoing challenge of maintaining security controls across multiple long-lived branches and evolving codebases. The PostgreSQL team typically issues timely patches and advisories for critical vulnerabilities.