CWE-149

Improper Neutralization of Quoting Syntax

2 CVEs | Avg CVSS 8.2 | MITRE
CRITICAL: 0 | HIGH: 2 | MEDIUM: 0 | LOW: 0 | POC: 1 | KEV: 0


CVE-2025-43878 HIGH This Week

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics. Rated high severity (CVSS 8.3), this vulnerability has low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD | CVSS 4.0: 8.3 | EPSS: 0.1%
CVE-2025-1094 HIGH POC PATCH THREAT Act Now

PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain.

SQLi PostgreSQL Redhat Suse
NVD, GitHub | CVSS 3.1: 8.1 | EPSS: 79.7%
