PostgreSQL bug played key role in zero-day Treasury attack
Briefly

Research from Rapid7 revealed that a high-severity SQL injection vulnerability in the PostgreSQL interactive tool (CVE-2025-1094) was critical to the successful exploitation of a zero-day vulnerability used in a December attack on the US Treasury. The exploit chain relied on this PostgreSQL flaw, which leads to arbitrary code execution (ACE). Although BeyondTrust patched its own vulnerability in the chain, the root cause of the PostgreSQL issue remained unaddressed until recently, which illustrates the ongoing risks in vulnerability management.
Rapid7 discovered that in every scenario we tested, a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution.
While CVE-2024-12356 was patched by BeyondTrust in December 2024, and this patch successfully blocks exploitation of both CVE-2024-12356 and CVE-2025-1094, the patch did not address the root cause of CVE-2025-1094.
Read at The Register