CVE-2025-4207

Description

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

How to fix CVE-2025-4207

To remediate CVE-2025-4207, upgrade the affected package to a fixed version below.

• —upgrade to 14.18-r0 or later
• —upgrade to 15.13-r0 or later
• —upgrade to 16.9-r0 or later
• —upgrade to 17.5-r0 or later
• —upgrade to 13.21.0 or later
• —upgrade to 13.21-0+deb11u1 or later
• —upgrade to 13.21-0+deb11u1 or later
• —upgrade to 15.13-0+deb12u1 or later
• —upgrade to 17.5-1 or later

Is CVE-2025-4207 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (9)

• from 0, < 14.18-r0
• from 0, < 15.13-r0
• from 0, < 16.9-r0
• from 0, < 17.5-r0
• from 0, < 13.21.0, >= 14.0.0, < 14.18.0, >= 15.0.0, < 15.13.0, >= 16.0.0, < 16.9.0, >= 17.0.0, < 17.5.0
• from 0, < 13.21-0+deb11u1
• from 0, < 13.21-0+deb11u1
• from 0, < 15.13-0+deb12u1
• from 0, < 17.5-1

CVSS scores

References (6)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2025-4207
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-4207
• WEBlists.debian.org/debian-lts-announce/2025/05/msg00011.html
• WEBnvd.nist.gov/vuln/detail/CVE-2025-4207
• WEB