CVE-2025-0218

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:pgadmin:pgagent:*:*:*:*:*:postgresql:*:*

History

03 Nov 2025, 18:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html -

Information

Published : 2025-01-07 20:15

Updated : 2025-11-03 18:15

NVD link : CVE-2025-0218

Mitre link : CVE-2025-0218

CVE.ORG link : CVE-2025-0218

JSON object : View

Products Affected

pgadmin

pgagent

CWE

CWE-340

Generation of Predictable Numbers or Identifiers

CWE-330

Use of Insufficiently Random Values

{"id": "CVE-2025-0218", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-01-07T20:15:30.710", "references": [{"url": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c", "tags": ["Patch"], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "description": [{"lang": "en", "value": "CWE-340"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks."}, {"lang": "es", "value": "Cuando pgAgent ejecuta trabajos por lotes, se crea un script en un directorio temporal y luego se ejecuta. En versiones de pgAgent anteriores a la 4.2.3, se utiliza un generador de n\u00fameros aleatorios con una informaci\u00f3n insuficiente al generar el nombre del directorio, lo que genera la posibilidad de que un atacante local cree previamente el directorio y, de esta manera, impida que pgAgent ejecute trabajos, lo que interrumpir\u00eda las tareas programadas."}], "lastModified": "2025-11-03T18:15:46.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pgadmin:pgagent:*:*:*:*:*:postgresql:*:*", "vulnerable": true, "matchCriteriaId": "CC0AB842-1447-46E4-8845-B222B09EF4A2", "versionEndExcluding": "4.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}