CVE-2025-55282: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in aiven aiven-db-migrate

Severity: Critical

Tags: Vulnerability, CVE-2025-55282, cve, cwe-22
Published: Mon Aug 18 2025 (08/18/2025, 16:44:02 UTC)
Source: CVE Database V5
Vendor/Project: aiven
Product: aiven-db-migrate

Description

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

AI-Powered Analysis

AI analysis last updated: 08/18/2025, 17:17:59 UTC

Technical Analysis

CVE-2025-55282 is a critical privilege escalation vulnerability affecting versions of the Aiven database migration tool aiven-db-migrate prior to 1.0.7. The assigned weakness is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal'). Specifically, during database migrations from untrusted source servers, the tool does not adequately restrict the PostgreSQL search_path parameter. Because PostgreSQL resolves unqualified operators and functions by walking the search_path in order, an attacker who controls the source server can place a schema of their own ahead of pg_catalog, the trusted system catalog, and override catalog operators or functions with malicious ones. Consequently, the attacker can execute arbitrary code with superuser privileges inside the PostgreSQL database environment. The escalation requires no user interaction and can be triggered over the network (AV:N) with low attack complexity (AC:L), but it requires high privileges (PR:H) on the database to initiate the migration process. The vulnerability severely impacts confidentiality, integrity, and availability, as an attacker with superuser rights can manipulate data, disrupt services, or exfiltrate sensitive information. The issue was fixed in version 1.0.7 of aiven-db-migrate by enforcing proper search_path restrictions so that critical system catalogs cannot be overridden during migration. No exploits are currently reported in the wild, but the high CVSS score (9.1) and the nature of the vulnerability make it a significant threat to organizations using affected versions of this tool for PostgreSQL migrations.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on Aiven's database migration tool in their PostgreSQL environments. Exploitation could lead to full database compromise, allowing attackers to alter or delete critical business data, disrupt operations, or gain persistent access to backend systems. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government, where unauthorized data access or modification could result in regulatory penalties under GDPR and other compliance frameworks. Additionally, the ability to escalate privileges to superuser within PostgreSQL could facilitate lateral movement within enterprise networks, increasing the risk of broader compromise. Given the migration tool’s role in transferring data between environments, attackers might also inject malicious payloads during migration, potentially affecting downstream systems. The lack of known exploits in the wild provides a window for organizations to patch and mitigate, but the critical severity demands urgent attention to avoid potential future attacks.

Mitigation Recommendations

European organizations should immediately upgrade aiven-db-migrate to version 1.0.7 or later, where the vulnerability is patched. Until the upgrade is applied, restrict access to the migration tool to trusted administrators and limit migration operations to trusted source servers only. Implement strict network segmentation and access controls around database migration infrastructure to reduce exposure. Monitor database logs for unusual changes to the 'search_path' or unexpected superuser activity during migrations. Employ PostgreSQL role and permission hardening to minimize the privileges granted to users performing migrations, ensuring they do not have unnecessary superuser rights. Additionally, conduct security audits of migration workflows and validate the integrity of source data before migration. Incorporating runtime monitoring and anomaly detection for database operations can help identify exploitation attempts early. Finally, ensure that incident response plans include procedures for rapid remediation of database privilege escalations.
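As an added illustration of the log-monitoring advice above (this is not code from the page or from the aiven-db-migrate project), the following Python scanner flags the three indicators the analysis names: a search_path that puts a user schema ahead of pg_catalog, operator or function creation during a migration session, and superuser grants. The log_line_prefix and the sample log lines are assumed and constructed, not taken from a real deployment.

```python
import re

# Constructed sample PostgreSQL server log (log_statement = 'all'); not taken from the page.
SAMPLE_LOG = """\
2025-08-18 16:40:01 UTC [migrate@appdb] LOG:  statement: SET search_path = pg_catalog
2025-08-18 16:40:02 UTC [migrate@appdb] LOG:  statement: SELECT relname FROM pg_class WHERE relkind = 'r'
2025-08-18 16:41:10 UTC [migrate@appdb] LOG:  statement: SET search_path = public, pg_catalog
2025-08-18 16:41:11 UTC [migrate@appdb] LOG:  statement: CREATE OPERATOR public.= (LEFTARG = text, RIGHTARG = text, FUNCTION = public.text_eq)
2025-08-18 16:41:12 UTC [migrate@appdb] LOG:  statement: ALTER ROLE app SUPERUSER
"""

# Assumed log_line_prefix of '%t [%u@%d] '; adjust LOG_RE to match your own prefix.
LOG_RE = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[(?P<user>[^@\]]+)@(?P<db>[^\]]+)\] LOG:\s+statement: (?P<sql>.*)$")
SEARCH_PATH_RE = re.compile(r"^\s*SET\s+search_path\s*(?:=|TO)\s*(?P<path>.+?)\s*;?\s*$", re.I)
CREATE_RE = re.compile(r"^\s*CREATE\s+(?:OR\s+REPLACE\s+)?(OPERATOR|FUNCTION)\b", re.I)
SUPERUSER_RE = re.compile(r"^\s*(?:ALTER|CREATE)\s+ROLE\b.*\bSUPERUSER\b", re.I)


def search_path_shadows_catalog(path: str) -> bool:
    """True when some schema is searched before pg_catalog, so its operators/functions
    can shadow catalog ones. An unlisted pg_catalog is implicitly searched first."""
    schemas = [s.strip().strip('"') for s in path.split(",")]
    return "pg_catalog" in schemas and schemas.index("pg_catalog") != 0


def scan_log(text: str) -> list[dict]:
    """Return one finding per logged statement that matches an indicator from the advisory."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        sql = m.group("sql")
        sp, created = SEARCH_PATH_RE.match(sql), CREATE_RE.match(sql)
        if sp and search_path_shadows_catalog(sp.group("path")):
            reason = "search_path places a user schema ahead of pg_catalog"
        elif created:
            reason = f"{created.group(1).upper()} created during migration session"
        elif SUPERUSER_RE.match(sql):
            reason = "superuser granted to a role"
        else:
            continue
        findings.append({"ts": m.group("ts"), "user": m.group("user"), "reason": reason, "sql": sql})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']}: {f['reason']} -> {f['sql']}")
```

Run it against the server log for the window in which a migration from an untrusted source was active; the first log line is the benign pinned search_path and is not reported.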

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-12T16:15:30.236Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68a35cb2ad5a09ad00b0b5ee

Added to database: 8/18/2025, 5:02:42 PM

Last enriched: 8/18/2025, 5:17:59 PM

Last updated: 9/30/2025, 4:23:43 PM
