CVE-2025-55282: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in aiven aiven-db-migrate

Critical
Tags: Vulnerability, CVE-2025-55282, cve, cve-2025-55282, cwe-22
Published: Mon Aug 18 2025 (08/18/2025, 16:44:02 UTC)
Source: CVE Database V5
Vendor/Project: aiven
Product: aiven-db-migrate

Description

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-12T16:15:30.236Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68a35cb2ad5a09ad00b0b5ee

Added to database: 8/18/2025, 5:02:42 PM

Last updated: 8/18/2025, 5:02:42 PM
