Critical PostgreSQL Zero-Day Linked to BeyondTrust Attacks: Double Exploit Enables Remote Code Execution

PostgreSQL Zero-Day Vulnerability Linked to BeyondTrust Exploitation

Security researchers at Rapid7 have uncovered that threat actors who exploited BeyondTrust’s software in December 2024 also leveraged a previously unknown SQL injection vulnerability in PostgreSQL’s psql tool. The newly discovered flaw, designated as CVE-2025-1094 with a CVSS score of 8.1, enables attackers to achieve arbitrary code execution through the tool’s meta-commands.

The investigation revealed that successful exploitation of BeyondTrust’s CVE-2024-12356 vulnerability required the concurrent exploitation of the PostgreSQL flaw to achieve remote code execution. The vulnerability exists in PostgreSQL’s handling of invalid UTF-8 characters, allowing attackers to execute shell commands through the “!” shortcut command.

PostgreSQL has released patches for multiple versions:
– Version 17.3
– Version 16.7
– Version 15.11
– Version 14.16
– Version 13.19

In related developments, CISA has added SimpleHelp remote support software vulnerability (CVE-2024-57727) to its Known Exploited Vulnerabilities catalog, with federal agencies required to implement fixes by March 6, 2025.

Keywords: PostgreSQL zero-day vulnerability, SQL injection exploit, BeyondTrust security breach, CVE-2025-1094, PostgreSQL psql vulnerability, remote code execution

Share This Article

Critical PostgreSQL Zero-Day Linked to BeyondTrust Attacks: Double Exploit Enables Remote Code Execution

Related Articles

Urgent Alert: Booking.com Phishing Scam Uses “ClickFix” Trick to Deploy Dangerous Malware Against Hospitality Workers

Urgent Alert: Critical FreeType Vulnerability Actively Exploited in the Wild – What You Need to Know

Alert: Medusa Ransomware Strikes Over 300 U.S. Critical Infrastructure Organizations

Quick Links

Company

Get In Touch