Data Exposure Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2025-8713

3.1 LOW

What is CVE-2025-8713?

The vulnerability lies in how PostgreSQL handles optimizer statistics, which can expose sampled data from views that a user is otherwise not authorized to access. The same flaw lets a user get around row security policies designed to protect sensitive data: histograms and most-common-values lists, which are consulted during query planning, become readable. Previous security measures did not close this loophole, leaving certain PostgreSQL versions susceptible to unauthorized data exposure.

Affected Version(s)

PostgreSQL 17 < 17.6

PostgreSQL 16 < 16.10

PostgreSQL 15 < 15.14
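
To triage a fleet against the ranges listed above, the following Python script (an added example, not part of the original advisory or of PostgreSQL) classifies the output of `SELECT version()`, `SHOW server_version` or `SHOW server_version_num`. The host names and version strings are constructed, and a branch that the list does not mention is reported as not-listed instead of being assumed safe.

```python
import re

# Minor release carrying the fix, per branch, from "Affected Version(s)" above.
FIXED_MINOR = {17: 6, 16: 10, 15: 14}
# Accepts "PostgreSQL 16.9 on ...", "16.9 (Debian 16.9-1)"; "17beta1" parses as 17.0.
_VERSION = re.compile(r"\s*(?:PostgreSQL\s+)?(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor) from version(), server_version or server_version_num."""
    text = str(text).strip()
    if text.isdigit() and int(text) >= 100000:
        return divmod(int(text), 10000)  # PostgreSQL 10+: major * 10000 + minor
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised PostgreSQL version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for one server."""
    major, minor = parse_version(text)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        # The list above is silent on this branch: do not report it as safe.
        return "not-listed"
    # Numeric compare, so 16.10 is newer than 16.9 (a string compare gets this wrong).
    return "affected" if minor < fixed else "fixed"

def triage(inventory):
    """Map host -> status; unparseable entries are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory: host names and version strings are made up.
SAMPLE = {
    "db-a": "PostgreSQL 16.9 on x86_64-pc-linux-gnu, 64-bit",
    "db-b": "17.6 (Debian 17.6-1.pgdg120+1)",
    "db-c": "150013",
    "db-d": "14.18",
    "db-e": "17beta1",
    "db-f": "unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```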

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

The PostgreSQL project thanks Dean Rasheed for reporting this problem.