PostgreSQL flaw exploited as zero-day in BeyondTrust breach
22 hours ago · PostgreSQL zero-day linked to BeyondTrust breach. While analyzing CVE-2024-12356, the Rapid7 team uncovered a new zero-day vulnerability in PostgreSQL (CVE-2025-1094) ...
PostgreSQL bug played key role in zero-day Treasury attack
21 hours ago · A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say. Rapid7's principal security researcher, Stephen Fewer, disclosed CVE-2025-1094 (8.1) on Thursday, saying it was a key part of the exploit chain that also included the ...
Rapid7 Flags New PostgreSQL Zero-Day Connected to …
1 day ago · Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product. Security researchers at Rapid7 on Thursday flagged the discovery of a new zero-day vulnerability in PostgreSQL that appears to have been a critical component in a ...
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day …
1 day ago · Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability ...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
2 days ago · While CVE-2024-12356 was patched by BeyondTrust in December 2024, and this patch successfully blocks exploitation of both CVE-2024-12356 and CVE-2025-1094, the patch did not address the root cause of CVE-2025-1094, which remained a zero-day until Rapid7 discovered and reported it to PostgreSQL.
PostgreSQL patches SQLi vulnerability likely exploited in …
1 day ago · But the company also identified two zero-day command injection issues in its products — CVE-2024-12356 and CVE-2024-12686 – which the US Cybersecurity and Infrastructure Security Agency (CISA ...
Rapid7 discovers ‘high-severity’ PostgreSQL injection zero-day ...
1 day ago · As a result, whilst CVE-2024-12356 was patched, resulting in the exploitation of it and CVE-2025-1094 being blocked, the new bug remained a zero-day as the patch “did not address [its] root cause”. Rapid7 said that PostgreSQL users should update to versions 17.3, 16.7, 15.11, 14.16, or 13.19 to prevent exploitation.
Addressing the Critical SQL Injection Vulnerability CVE-2025-1094 …
The vulnerability, which allows execution of arbitrary commands via the psql interactive tool, poses significant risks to organizations deploying PostgreSQL in environments with BeyondTrust products. The issue is compounded by its chaining with a BeyondTrust zero-day vulnerability CVE-2024-12356. Our report is designed to provide technical ...
Targeted Attacks Exploit PostgreSQL Flaw Alongside BeyondTrust Zero-Day …
1 day ago · Rapid7's research into a zero-day vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products, identified in December 2024, has led to the discovery of a previously unknown SQL injection flaw in PostgreSQL. This flaw, designated CVE-2025-1094, affects the PostgreSQL
Experts discovered PostgreSQL flaw chained with BeyondTrust …
1 day ago · Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. ...