PostgreSQL Anonymizer Vulnerability Allows Data Exposure
CVE-2025-5690

6.5MEDIUM

Key Information:

Vendor: Dalibo
Status: Postgresql Anonymizer
Vendor: CVE Published:; 4 June 2025

What is CVE-2025-5690?

The PostgreSQL Anonymizer versions 2.0 and 2.1 have a vulnerability that permits an unauthorized masked user to circumvent the defined masking rules on a specific table. This breach allows the user to access the original data using a database cursor or the --insert option of pg_dump. Notably, the issue only manifests when dynamic masking is enabled, a setting that is not activated by default. Users should upgrade to version 2.2.1 to mitigate this risk.

Affected Version(s)

PostgreSQL Anonymizer 1 < 2.2.1

References

https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/531

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

The PostgreSQL Anonymizer project thanks Jukka Heiskanen for reporting this problem.