<ul><li>Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7.</li><li>The vulnerability, tracked as CVE-2025-1094, is an SQL injection issue in PostgreSQL's psql tool caused by improper neutralization of quoting syntax in libpq functions.</li><li>This flaw allows attackers to inject malicious SQL commands and potentially achieve remote code execution.</li><li>PostgreSQL has released patches in versions 17.3, 16.7, 15.11, 14.16, and 13.19 to address the vulnerability.</li></ul>

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

Discover more