What is the CVSS score of CVE-2025-12818?

CVE-2025-12818 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of PostgreSQL are affected by CVE-2025-12818?

Organizations using Integer wraparound in multiple PostgreSQL libpq client library functions should be aware of moderate risk from CVE-2025-12818, a integer overflow vulnerability rated CVSS 5.9.. A patch is available.

Is there a public PoC exploit available for CVE-2025-12818?

Yes, a public proof-of-concept exploit is available for CVE-2025-12818. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-12818?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

PostgreSQL CVE-2025-12818

MEDIUM

Integer Overflow or Wraparound (CWE-190)

2025-11-13 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Buffer Overflow PostgreSQL Integer Overflow Red Hat Suse

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Apr 05, 2026 - 02:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 19:22 vuln.today

PoC Detected

Nov 14, 2025 - 16:42 vuln.today

Public exploit code

CVE Published

Nov 13, 2025 - 13:15 nvd

MEDIUM 5.9

DescriptionNVD

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

AnalysisAI

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.