PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

thehackernews.com

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

thehackernews.com

Resident PulserB to

Pulse of TruthEnglish · 11 months ago

PostgreSQL SQL injection flaw (CVE-2025-1094) exploited alongside BeyondTrust zero-day, enabling arbitrary code execution.

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An

You must log in or # to comment.

Chat

Pulse of Truth

pulse_of_truth

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !pulse_of_truth@infosec.pub

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

61 users / day
245 users / week
868 users / month
2.9K users / 6 months
184 local subscribers
1.87K subscribers
4.51K Posts
3.19K Comments
Modlog

mods:
krogoth