Data Management and Analytics

In PostgreSQL versions 13 through 17 a high severity vulnerability CVE-2025-8714 was detected. This vulnerability allows attackers to inject arbitrary code for restore-time execution as the client operating system account running psql via psql meta-commands. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8714.

In PostgreSQL versions 13 through 17 a high severity vulnerability CVE-2025-8715 was detected. This vulnerability allows attackers to inject arbitrary code or achieve SQL injection via a purpose-crafted object name during the restore process. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8715.

In PostgreSQL versions 13 through 17 a low severity vulnerability CVE-2025-8713 was detected. This vulnerability allows attackers to read sampled data from views or tables that are protected by access control lists (ACLs) or row security policies. To address this issue, users should upgrade PostgreSQL to versions 13.22, 14.19, 15.14, 16.10 or 17.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8713.

In SQLite versions from 3.39.2 to before 3.41.2 a medium severity vulnerability CVE-2025-7458 was detected. This vulnerability allows attackers to crash the system or read sensitive data from memory by running a specially crafted SELECT query with many items in the ORDER BY part. To address this issue, users should upgrade SQLite to versions 3.41.2 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-7458.

In Redis versions up to and including 8.0.3 a medium severity vulnerability CVE-2025-46686 was detected. This vulnerability allows authenticated attackers to cause excessive memory consumption by sending a multi-bulk command with many bulks, even if the command is skipped due to insufficient permissions. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46686.

In Grafana versions 11.5.0 and later a medium severity vulnerability CVE-2025-6197 was detected. This vulnerability allows attackers to perform open redirects during organization switching when multiple organizations exist and the victim belongs to a different organization than the one specified in the URL. To address this issue users should upgrade Grafana to versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 or 11.3.8+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6197.

In Grafana versions from 11.5.0 a high severity vulnerability CVE-2025-6023 was detected. This vulnerability allows attackers to exploit an open redirect that can be chained with path traversal issues to perform cross-site scripting (XSS) attacks. To address this issue, users should upgrade Grafana to versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 or 11.3.8+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6023.

In Oracle MySQL Client versions 8.0.0 through 8.0.42, 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0 a low severity vulnerability CVE-2025-50081 was detected in the mysqldump component. This vulnerability allows high-privileged attackers with network access and requiring user interaction to perform unauthorized updates, inserts, deletes, or read access to MySQL Client-accessible data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-50081.

In Oracle MySQL Server versions 8.0.0 through 8.0.42 a medium severity vulnerability CVE-2025-53023 was detected in the Replication component. This vulnerability allows high-privileged attackers with network access to cause a hang or repeatable crash of the MySQL Server, resulting in denial-of-service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53023.