How to fix CVE-2025-0218?

Within 30 days: Identify affected systems running a temporary directory and then executed. In and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Pgagent affected by CVE-2025-0218?

Organizations using a temporary directory and then executed. In should be aware of moderate risk from CVE-2025-0218 rated CVSS 5.5. Exploitation could compromise the security of affected deployments. A patch is available and should be applied during regular vulnerability management.

CVE-2025-0218

MEDIUM

2025-01-07 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:02 vuln.today

Patch Released

Mar 28, 2026 - 18:02 nvd

Patch available

CVE Published

Jan 07, 2025 - 20:15 nvd

MEDIUM 5.5

Description

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

Analysis

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical Context

This vulnerability is classified under CWE-340. When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. Affected products include: Pgadmin Pgagent. Version information: prior to 4.2.3.

Affected Products

Pgadmin Pgagent.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +28

POC: 0

Vendor Status

CVE-2025-0218 vulnerability details – vuln.today

Back

CVE-2025-0218

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-0218

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code