CVE-2025-8713: Exposure of Sensitive Information Through Metadata in PostgreSQL
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
AI Analysis
Technical Summary
CVE-2025-8713 is a vulnerability in PostgreSQL that allows unauthorized users to infer sensitive information through the database's optimizer statistics. PostgreSQL collects statistics on table data by sampling column values, and the query planner uses these statistics to optimize execution. This sampled data, including histograms and most-common-values lists, can expose information about data in views or rows protected by access control lists (ACLs) and row security policies. Specifically, a user with limited privileges can craft a leaky operator that bypasses view ACLs and row security policies in partitioning or table inheritance hierarchies, and so reach statistical metadata that reveals information about data they should not see. This vulnerability affects PostgreSQL versions prior to 17.6, 16.10, 15.14, 14.19, and 13.22. Previous CVEs (CVE-2017-7484 and CVE-2019-10130) addressed similar issues but did not fully close this attack vector. The CVSS score is 3.1 (low severity): the confidentiality impact is limited, and exploitation requires network access and low privileges, with high attack complexity and no user interaction. No known exploits are currently reported in the wild. The vulnerability does not impact data integrity or availability but poses a risk of sensitive data exposure through metadata leakage, which could aid attackers in reconnaissance or targeted attacks.
Potential Impact
For European organizations using PostgreSQL databases, this vulnerability could lead to unauthorized disclosure of sensitive information through metadata leakage. Although the direct data exposure is limited to statistical samples rather than full data rows, it can still reveal patterns, distributions, or common values within protected datasets, potentially compromising confidentiality. This is particularly concerning for sectors handling sensitive personal data, such as finance, healthcare, and government, where even partial data exposure can violate GDPR and other privacy regulations. The vulnerability could be exploited by internal threat actors or attackers who have gained limited database access but lack full privileges. While the impact on data integrity and availability is negligible, the confidentiality breach could facilitate further attacks or data inference. Given PostgreSQL's widespread use across European enterprises and public sector organizations, the risk is non-trivial, especially in environments relying heavily on row-level security policies and complex view-based access controls.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should promptly upgrade PostgreSQL to the fixed versions: 17.6, 16.10, 15.14, 14.19, or 13.22, depending on their current deployment. If immediate upgrading is not feasible, organizations should review and tighten database user privileges to minimize access to potentially leaky operators and restrict the ability to query optimizer statistics. Implementing strict monitoring and auditing of database queries that access statistical metadata can help detect suspicious activity. Additionally, organizations should evaluate the use of row security policies and view definitions to ensure they do not inadvertently expose sensitive data through metadata. Applying network segmentation and limiting database access to trusted users and applications will reduce the attack surface. Finally, organizations should stay informed about PostgreSQL security advisories and apply patches promptly to prevent exploitation.
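The catalog queries below are an added audit example for the steps above, not code from the PostgreSQL advisory or from this page's source. They assume a role that can read the system catalogs; the fixed-release pairs are the ones listed on this page, and the schema filters are an assumption about what counts as a system schema.

```sql
-- 1. Is this server below the fixed minor release for its major branch?
--    server_version_num is major*10000 + minor on PostgreSQL 10 and later.
WITH fixed(major, minor) AS (
    VALUES (17, 6), (16, 10), (15, 14), (14, 19), (13, 22)
), srv AS (
    SELECT current_setting('server_version_num')::int / 10000 AS major,
           current_setting('server_version_num')::int % 10000 AS minor
)
SELECT srv.major, srv.minor,
       CASE
           WHEN f.major IS NULL THEN 'branch not listed on this page: check its support status'
           WHEN srv.minor < f.minor THEN 'AFFECTED: upgrade to ' || f.major || '.' || f.minor
           ELSE 'at or above the fixed release'
       END AS status
FROM srv LEFT JOIN fixed f ON f.major = srv.major;

-- 2. Non-superuser login roles that can create objects (functions and
--    operators included) in a non-system schema.
SELECT r.rolname, n.nspname AS schema_name
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE r.rolcanlogin AND NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%' AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 3. Relations the advisory concerns: views, and tables with row security
--    enabled that take part in a partitioning or inheritance hierarchy
--    (pg_inherits records both kinds of parent/child link).
SELECT n.nspname AS schema_name, c.relname,
       CASE WHEN c.relkind = 'v' THEN 'view'
            ELSE 'row security in hierarchy' END AS reason
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname NOT LIKE 'pg\_%' AND n.nspname <> 'information_schema'
  AND (c.relkind = 'v'
       OR (c.relrowsecurity
           AND EXISTS (SELECT 1 FROM pg_inherits i
                       WHERE c.oid IN (i.inhrelid, i.inhparent))))
ORDER BY reason, n.nspname, c.relname;
```

Rows from query 2 combined with rows from query 3 show where limited-privilege roles and protected relations coexist, which is where upgrading matters most.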
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: PostgreSQL
- Date Reserved: 2025-08-07T16:39:46.270Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689de1fdad5a09ad005b0bf5
Added to database: 8/14/2025, 1:17:49 PM
Last enriched: 8/14/2025, 1:34:49 PM
Last updated: 8/21/2025, 2:40:44 PM