CVE-2025-8715: Improper Neutralization of CRLF Sequences ('CRLF Injection') in PostgreSQL
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
AI Analysis
Technical Summary
CVE-2025-8715 is a flaw in pg_dump and the tools that share its output path (pg_dumpall, pg_restore, and pg_upgrade): object names containing newline characters (LF, and CR) are copied into dump output without being neutralized. A plain-format dump is a script that psql executes line by line, and both a "--" comment and a backslash meta-command end at the end of the line. pg_dump writes every object's name into header comments of the form "-- Name: <name>; Type: <type>; Schema: <schema>; Owner: <owner>", so a name that contains a newline terminates that comment early and whatever the attacker placed after the newline is read by psql as a fresh line. If that line begins with a meta-command such as \!, psql runs it as a shell command under the operating system account performing the restore; if it is SQL, the restore-target server executes it with the privileges of the restoring role, which is commonly a superuser. The attacker needs only the ability to create an object with a chosen name on the origin server, such as a table; no elevated rights there are required. The CREATE statements themselves are not the weak point, because pg_dump double-quotes such identifiers and psql handles newlines inside quoted identifiers correctly; the name escapes where the tools write it outside SQL quoting, in the header comments and in places such as pg_dumpall's \connect lines. Affected versions are 11.20 and later, up to but not including 17.6, 16.10, 15.14, 14.19, and 13.22. CVE-2012-0868 fixed the same class of problem in 2012, and 11.20 reintroduced it. The CVSS 3.1 base score is 8.8 (network attack vector, low attack complexity, no privileges required, user interaction required, the interaction being an operator restoring the dump). No in-the-wild exploitation is known at the time of writing. Because the vulnerable code is in the dump-producing utilities rather than the server, a dump written by an unpatched pg_dump from an origin that contains a crafted name stays dangerous for as long as it is kept, whichever version later restores it.
Potential Impact
The impact is significant for any organization that moves PostgreSQL data with pg_dump and its relatives, which covers routine backups, migrations, and disaster-recovery drills. A crafted dump gives arbitrary command execution on the host performing the restore, under the account running psql (frequently a privileged database or backup account holding credentials to other systems), and SQL injection on the target server as the restoring role, which during a full restore is usually a superuser: full database compromise, data exfiltration, silent modification, or denial of service. The dump file is the attack vector, so the risk concentrates where data crosses a trust boundary: restoring a tenant's or customer's database, importing a dump from a hosted provider or a less-trusted environment, or promoting a dump from a lower environment into production. The attacker needs no network path to the restore host; the payload travels inside the backup, which is typically treated as trusted and is often restored by automated pipelines without review. Because the affected range spans every supported major version (13 through 17), the exposed population is large, and organizations that delay patching or lack controls around restores risk data breaches, operational disruption, and compliance consequences.
Mitigation Recommendations
To mitigate CVE-2025-8715, upgrade to PostgreSQL 17.6, 16.10, 15.14, 14.19, or 13.22 (all released 14 August 2025). The fix is in the client utilities, pg_dump, pg_dumpall, pg_restore, and pg_upgrade, not in the server, so the upgrade matters on every machine that produces or restores dumps: backup hosts, CI runners, migration tooling, and administrator workstations, including binaries bundled in container images. Dumps created with an unpatched pg_dump do not become safe when the tools are upgraded; treat existing dumps from environments where untrusted users can create objects as untrusted input. Before dumping, query the catalogs for names that contain newline characters (pg_class.relname, pg_namespace.nspname, pg_attribute.attname, pg_proc.proname, pg_type.typname, pg_roles.rolname, and pg_database.datname are the usual places) and investigate any hit, since there is no legitimate reason for one. Before restoring a plain-format dump, scan it for psql meta-commands that pg_dump would not have written and for "-- Name:" header lines broken across more than one line, and review anything found rather than piping the file straight into psql. Run restores under a dedicated least-privileged OS account, in a segmented or containerized environment, with no credentials beyond those the restore needs, and keep superuser use on the restore target to the minimum the dump requires. Log and alert on shell execution from psql processes on restore hosts; a child process spawned by psql during a restore is a strong signal. Finally, brief database administrators on the vulnerability and the risks of restoring dumps from sources they do not control.
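As an added example (not code from PostgreSQL or from this advisory), the Python below ties the mechanism in the Technical Summary to the pre-restore check recommended above: it models the header comment that carries an object name into a plain-format dump, shows a crafted name splitting that comment into a psql meta-command line, applies an illustrative neutralization, and scans a constructed dump the way a restore operator could before running psql. Assumptions: the sample dump and the crafted name are constructed for the example; \restrict and \unrestrict are treated as expected because the August 2025 releases write them around the dump; the hardened emitter illustrates neutralizing newlines and is not a copy of the upstream patch.

```python
from __future__ import annotations
import re

# psql meta-commands a dump produced by pg_dump / pg_dumpall legitimately
# contains: \connect in pg_dumpall output, \restrict and \unrestrict in output
# from the August 2025 releases. Assumption: extend this to what your own tool
# versions emit.
EXPECTED_META = {"connect", "restrict", "unrestrict"}
META_CMD = re.compile(r"^\s*\\(!|[A-Za-z?]+|\.)\s*(.*)$")
COPY_START = re.compile(r"^COPY\s.*\sFROM\s+stdin;\s*$", re.IGNORECASE)


def dump_header_comment(name: str, kind: str, schema: str, owner: str) -> str:
    """Object header comment in the shape pg_dump writes it, with the name
    copied verbatim. A newline inside `name` ends the comment early."""
    return f"--\n-- Name: {name}; Type: {kind}; Schema: {schema}; Owner: {owner}\n--\n"


def dump_header_comment_hardened(name: str, kind: str, schema: str, owner: str) -> str:
    """Illustrative neutralization (not the upstream patch): CR/LF in the name
    are replaced with spaces so the comment cannot be broken across lines."""
    safe = name.replace("\r", " ").replace("\n", " ")
    return dump_header_comment(safe, kind, schema, owner)


def scan_dump(script: str) -> list[tuple[int, str, str]]:
    """Pre-restore triage of a plain-format dump. Returns (line_no, reason, line)
    for lines an operator should inspect before handing the file to psql.
    COPY ... FROM stdin data is skipped up to its backslash-dot terminator,
    because psql reads that region as data, not commands. This is a line-level
    check, not a psql parser (psql also accepts a meta-command after a ';' on
    the same line); the real fix is upgrading the tools that produced the dump."""
    findings = []
    in_copy = False
    for no, line in enumerate(script.splitlines(), 1):
        if in_copy:
            if line == "\\.":
                in_copy = False
            continue
        if COPY_START.match(line):
            in_copy = True
            continue
        m = META_CMD.match(line)
        if m:
            if m.group(1) not in EXPECTED_META:
                findings.append((no, "unexpected psql meta-command", line))
            continue
        # pg_dump writes the whole header on one line, so a "-- Name:" line
        # with no "; Type:" means an embedded newline split the name.
        if line.startswith("-- Name:") and "; Type:" not in line:
            findings.append((no, "object name split by newline", line))
    return findings


# Constructed sample dump (not real pg_dump output). The second table carries
# a crafted name: after the newline, "\! ..." becomes a shell meta-command on
# its own line, and the trailing "--" turns the remainder of pg_dump's own
# comment back into a comment so psql does not error and the restore looks clean.
CRAFTED_NAME = "orders\n\\! touch /tmp/pwned\n--"
SAMPLE_DUMP = "".join([
    "--\n-- PostgreSQL database dump\n--\n",
    "\\restrict abc123\n",
    "SET client_encoding = 'UTF8';\n",
    dump_header_comment("orders", "TABLE", "public", "app"),
    "CREATE TABLE public.orders (id integer, note text);\n",
    "COPY public.orders (id, note) FROM stdin;\n",
    "1\t\\\\! escaped backslash inside COPY data, not a command\n",
    "\\.\n",
    dump_header_comment(CRAFTED_NAME, "TABLE", "public", "app"),
    "\\unrestrict abc123\n",
])


if __name__ == "__main__":
    for no, reason, line in scan_dump(SAMPLE_DUMP):
        print(f"line {no}: {reason}: {line!r}")
    hardened = dump_header_comment_hardened(CRAFTED_NAME, "TABLE", "public", "app")
    print("hardened header:", hardened.splitlines()[1])
```

Run against the constructed dump, the scanner reports the split "-- Name:" line and the \! line that follows it, while the COPY data line containing an escaped backslash and the expected \restrict, \unrestrict lines pass. The hardened emitter produces a single comment line for the same crafted name, which the scanner leaves alone; the point is that the name must be neutralized where it is written outside SQL quoting, which is what the fixed utilities do and why upgrading the dump-producing side is what closes the hole.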
Affected Countries
United States, Germany, United Kingdom, France, Japan, Canada, Australia, Netherlands, South Korea, India, Brazil, China, Russia, Singapore, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: PostgreSQL
- Date Reserved: 2025-08-07T16:39:47.692Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689de1fdad5a09ad005b0bfb
Added to database: 8/14/2025, 1:17:49 PM
Last enriched: 2/27/2026, 4:24:30 AM
Last updated: 3/26/2026, 9:38:33 AM