CVE-2025-55282

Critical CVSS: 9.1

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

Vendor

Aiven

Product

Aiven-db-migrate

CWE

CWE-22

Yayın Tarihi

2025-08-18 17:15:30

Güncelleme

2025-08-21 21:40:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Aiven-db-migrate CRITICAL Aiven 2025

Referanslar

https://github.com/aiven/aiven-db-migrate/commit/39517dc55720055d93262033b142a365f5bf92c5 https://github.com/aiven/aiven-db-migrate/security/advisories/GHSA-hmvf-93r4-36f9

Benzer Kayıtlar

Medium

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Tra…

High

CVE-2026-25999

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper acces…

High

CVE-2025-67745

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1…

Critical

CVE-2025-55283

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that…