{"id":"CVE-2025-8713","details":"PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access.  Separately, statistics allow a user to read sampled data that a row security policy intended to hide.  PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process.  Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies.  Reachable statistics data notably included histograms and most-common-values lists.  CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.","aliases":["BIT-postgresql-2025-8713"],"modified":"2026-04-10T05:36:23.889722Z","published":"2025-08-14T13:15:37Z","related":["MGASA-2025-0230","SUSE-SU-2025:02842-1","SUSE-SU-2025:02980-1","SUSE-SU-2025:02981-1","SUSE-SU-2025:02986-1","SUSE-SU-2025:02987-1","SUSE-SU-2025:02994-1","SUSE-SU-2025:02995-1","SUSE-SU-2025:03003-1","SUSE-SU-2025:03004-1","SUSE-SU-2025:03005-1","SUSE-SU-2025:03005-2","SUSE-SU-2025:03018-1","SUSE-SU-2025:03018-2","SUSE-SU-2025:03019-1","SUSE-SU-2025:03019-2","SUSE-SU-2025:03020-1","SUSE-SU-2025:03030-1","SUSE-SU-2025:03031-1","openSUSE-SU-2025:15450-1","openSUSE-SU-2025:15451-1","openSUSE-SU-2025:15452-1","openSUSE-SU-2025:15453-1","openSUSE-SU-2025:15455-1"],"references":[{"type":"WEB","url":"https://www.postgresql.org/support/security/CVE-2025-8713/"}],"schema_version":"1.7.5"}