ET EXPLOIT PostgreSQL psql SQL Injection (CVE-2025-1094)

SID: 2060144Rev: 3104 viewsHistory

Sourceet/open

CreatedFebruary 18, 2025

UpdatedMarch 4, 2025

Classificationattempted-admin

alert tcp any any -> $HOME_NET [$HTTP_PORTS,5432] (msg:"ET EXPLOIT PostgreSQL psql SQL Injection (CVE-2025-1094)"; flow:established,to_server; content:"|3b|"; content:"|5c 5c 21 20|"; fast_pattern; distance:0; reference:url,www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/; reference:cve,2025-1094; classtype:attempted-admin; sid:2060144; rev:3; metadata:affected_product PostgreSQL, attack_target Server, created_at 2025_02_18, cve CVE_2025_1094, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_03_04, reviewed_at 2025_08_26, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)

References

url	www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/
cve	2025-1094

Metadata

affected productPostgreSQL

attack targetServer

created at2025_02_18

cveCVE-2025-1094

deploymentInternal

confidenceMedium

signature severityMajor

tagExploit

updated at2025_03_04

reviewed at2025_08_26

mitre tactic idTA0008

mitre tactic nameLateral_Movement

mitre technique idT1210

mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!