Targeted Attacks Exploit PostgreSQL Flaw Alongside BeyondTrust Zero-Day Vulnerability
February 14, 2025
Rapid7's research into a zero-day vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products, identified in December 2024, has led to the discovery of a previously unknown SQL injection flaw in PostgreSQL. This flaw, designated CVE-2025-1094, affects the PostgreSQL interactive tool psql. As security researcher Stephen Fewer explained, "An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands."
This discovery was part of Rapid7's investigation into another security flaw, CVE-2024-12356, in BeyondTrust's software. This flaw, which has been recently patched, enables unauthenticated remote code execution. Rapid7 noted that a successful exploit of CVE-2024-12356 would require exploiting CVE-2025-1094 to achieve remote code execution.
In response to the discovery, PostgreSQL's maintainers have issued an update to address the issue. The vulnerability is rooted in PostgreSQL's handling of invalid UTF-8 characters, which could allow an attacker to exploit an SQL injection using the psql shortcut meta-command "\!". This meta-command allows for shell command execution. As Fewer stated, "An attacker can leverage CVE-2025-1094 to perform this meta-command, thus controlling the operating system shell command that is executed."
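As an added example (not code from Rapid7 or the PostgreSQL project), the Python code below shows a defense-in-depth filter an application could run on bytes before handing them to psql: it rejects input that is not strictly valid UTF-8 and flags the `\!` meta-command. The function names and sample inputs are assumptions made for illustration, and the filter complements the PostgreSQL update rather than replacing it.

```python
import re
from typing import List, Tuple

# psql's shell-escape meta-command, as named in the article.
# Heuristic: this also matches "\!" inside a quoted SQL string literal.
SHELL_META = re.compile(rb"\\!")


def invalid_utf8_offsets(data: bytes) -> List[Tuple[int, int]]:
    """Return every (start, end) byte range that is not valid UTF-8."""
    bad, pos = [], 0
    while pos < len(data):
        try:
            data[pos:].decode("utf-8", errors="strict")
            break  # the remainder is clean
        except UnicodeDecodeError as exc:
            bad.append((pos + exc.start, pos + exc.end))
            pos += exc.end  # resume scanning after the bad range
    return bad


def check_psql_input(data: bytes) -> List[str]:
    """Return findings that should block data from reaching psql."""
    findings = [
        f"invalid UTF-8 at bytes {s}-{e}: {data[s:e].hex()}"
        for s, e in invalid_utf8_offsets(data)
    ]
    findings += [
        f"shell meta-command at byte {m.start()}"
        for m in SHELL_META.finditer(data)
    ]
    return findings


# Constructed samples for illustration, not taken from any real incident.
SAMPLES = {
    "clean": "SELECT 'caf\u00e9';".encode("utf-8"),
    "latin1": "SELECT 'caf\u00e9';".encode("latin-1"),  # lone 0xE9 byte
    "truncated": b"SELECT '\xe2\x82';",  # multi-byte sequence cut short
    "meta": b"SELECT 1;\n\\! echo hi\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_psql_input(blob) or "ok")
```

An empty result means the input passed both checks; any finding is a reason to reject the input and log it for review.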
Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting SimpleHelp remote support software, CVE-2024-57727, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are required to apply the fixes for this flaw by March 6, 2025.