Buffer Over-read Vulnerability in PostgreSQL Database Server
CVE-2025-4207
5.9 MEDIUM
What is CVE-2025-4207?
A buffer over-read in PostgreSQL's GB18030 encoding validation could allow a database input provider to trigger a temporary denial of service. The vulnerability can result in process termination on platforms where a single-byte over-read can be exploited. It affects the core PostgreSQL database server as well as its libpq library, in the versions listed below. Users should upgrade to the latest patched versions to mitigate this vulnerability.
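The following added example (illustrative C, not PostgreSQL's own code) shows how a one-byte over-read can arise when validating a variable-width encoding such as GB18030, where the second byte decides whether a character is 2 or 4 bytes long, and how a length-aware lookup avoids it. All function names are hypothetical and the sample inputs in the comments are constructed.

```c
#include <stddef.h>

/* Unbounded lookup: always reads s[1], even when s[0] is the last byte of
 * the buffer. On input truncated after a lead byte this reads one byte
 * past the end of the allocation. */
int gb18030_len_unbounded(const unsigned char *s)
{
    if (s[0] < 0x80)
        return 1;
    return (s[1] >= 0x30 && s[1] <= 0x39) ? 4 : 2;
}

/* Bounded lookup: returns the character length, or 0 when the buffer ends
 * before the length can be decided. Never reads past s[remaining - 1]. */
int gb18030_len_bounded(const unsigned char *s, size_t remaining)
{
    if (remaining == 0)
        return 0;
    if (s[0] < 0x80)
        return 1;
    if (remaining < 2)
        return 0;                 /* lone lead byte: incomplete */
    return (s[1] >= 0x30 && s[1] <= 0x39) ? 4 : 2;
}

/* Returns how many leading bytes of s[0..len) form valid GB18030 text.
 * Example: {'a', 0xC4} yields 1 because the final lead byte is incomplete. */
size_t gb18030_valid_prefix(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        const unsigned char *c = s + i;
        int n = gb18030_len_bounded(c, len - i);
        if (n == 0 || (size_t) n > len - i)
            break;                /* truncated character */
        if (n > 1 && (c[0] < 0x81 || c[0] > 0xFE))
            break;                /* invalid lead byte */
        if (n == 2 && (c[1] < 0x40 || c[1] == 0x7F || c[1] == 0xFF))
            break;                /* invalid 2-byte trail */
        if (n == 4 && (c[2] < 0x81 || c[2] > 0xFE ||
                       c[3] < 0x30 || c[3] > 0x39))
            break;                /* invalid 4-byte tail */
        i += (size_t) n;
    }
    return i;
}
```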
Affected Version(s)
PostgreSQL 17 < 17.5
PostgreSQL 16 < 16.9
PostgreSQL 15 < 15.13