{"id":"CVE-2025-8714","details":"Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands.  pg_dumpall is also affected.  pg_restore is affected when used to generate a plain-format dump.  This is similar to MySQL CVE-2024-21096.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.","aliases":["BIT-postgresql-2025-8714"],"modified":"2026-04-16T04:39:52.181764029Z","published":"2025-08-14T13:15:37Z","related":["ALSA-2025:14826","ALSA-2025:14827","ALSA-2025:14862","ALSA-2025:14878","ALSA-2025:14899","ALSA-2025:15021","ALSA-2025:15022","ALSA-2025:15115","SUSE-SU-2025:02842-1","SUSE-SU-2025:02980-1","SUSE-SU-2025:02981-1","SUSE-SU-2025:02986-1","SUSE-SU-2025:02987-1","SUSE-SU-2025:02994-1","SUSE-SU-2025:02995-1","SUSE-SU-2025:03003-1","SUSE-SU-2025:03004-1","SUSE-SU-2025:03005-1","SUSE-SU-2025:03005-2","SUSE-SU-2025:03018-1","SUSE-SU-2025:03018-2","SUSE-SU-2025:03019-1","SUSE-SU-2025:03019-2","SUSE-SU-2025:03020-1","SUSE-SU-2025:03030-1","SUSE-SU-2025:03031-1","openSUSE-SU-2025:15450-1","openSUSE-SU-2025:15451-1","openSUSE-SU-2025:15452-1","openSUSE-SU-2025:15453-1","openSUSE-SU-2025:15455-1","openSUSE-SU-2025:15493-1"],"references":[{"type":"WEB","url":"https://www.postgresql.org/support/security/CVE-2025-8714/"}],"schema_version":"1.7.5"}