{"api_version":"1","generated_at":"2026-04-23T03:06:00+00:00","cve":"CVE-2020-25696","urls":{"html":"https://cve.report/CVE-2020-25696","api":"https://cve.report/api/cve/CVE-2020-25696.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-25696","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-25696"},"summary":{"title":"CVE-2020-25696","description":"A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-11-23 22:15:00","updated_at":"2023-11-07 03:20:00"},"problem_types":["CWE-183"],"metrics":[],"references":[{"url":"https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/","name":"https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"PostgreSQL: PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Released!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1894430","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1894430","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1894430 – (CVE-2020-25696) CVE-2020-25696 postgresql: psql's \\gset allows overwriting specially treated variables","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202012-07","name":"GLSA-202012-07","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"PostgreSQL: Multiple vulnerabilities (GLSA 202012-07) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html","name":"[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2478-1] postgresql-9.6 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-25696","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25696","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"25696","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25696","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25696","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postgresql","cpe5":"postgresql","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25696","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postgresql","cpe5":"postgresql","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-25696","qid":"159270","title":"Oracle Enterprise Linux Security Update for rh-postgresql10-postgresql (ELSA-2021-9290)"},{"cve":"CVE-2020-25696","qid":"376872","title":"Alibaba Cloud Linux Security Update for libpq (ALINUX3-SA-2021:0002)"},{"cve":"CVE-2020-25696","qid":"377113","title":"Alibaba Cloud Linux Security Update for postgresql:12 (ALINUX3-SA-2021:0017)"},{"cve":"CVE-2020-25696","qid":"500540","title":"Alpine Linux Security Update for postgresql"},{"cve":"CVE-2020-25696","qid":"502008","title":"Alpine Linux Security Update for postgresql14"},{"cve":"CVE-2020-25696","qid":"502162","title":"Alpine Linux Security Update for postgresql12"},{"cve":"CVE-2020-25696","qid":"502774","title":"Alpine Linux Security Update for postgresql15"},{"cve":"CVE-2020-25696","qid":"504307","title":"Alpine Linux Security Update for postgresql14"},{"cve":"CVE-2020-25696","qid":"505666","title":"Alpine Linux Security Update for postgresql15"},{"cve":"CVE-2020-25696","qid":"750347","title":"OpenSUSE Security Update for postgresql, postgresql13 (openSUSE-SU-2021:0337-1)"},{"cve":"CVE-2020-25696","qid":"750566","title":"OpenSUSE Security Update for postgresql10 (openSUSE-SU-2020:2028-1)"},{"cve":"CVE-2020-25696","qid":"750567","title":"OpenSUSE Security Update for postgresql12 (openSUSE-SU-2020:2029-1)"},{"cve":"CVE-2020-25696","qid":"750573","title":"OpenSUSE Security Update for postgresql12 (openSUSE-SU-2020:2018-1)"},{"cve":"CVE-2020-25696","qid":"750575","title":"OpenSUSE Security Update for postgresql10 (openSUSE-SU-2020:2019-1)"},{"cve":"CVE-2020-25696","qid":"900020","title":"CBL-Mariner Linux Security Update for postgresql 12.5"},{"cve":"CVE-2020-25696","qid":"903127","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for postgresql (3644)"},{"cve":"CVE-2020-25696","qid":"940127","title":"AlmaLinux Security Update for postgresql:10 (ALSA-2020:5567)"},{"cve":"CVE-2020-25696","qid":"940130","title":"AlmaLinux Security Update for postgresql:12 (ALSA-2020:5620)"},{"cve":"CVE-2020-25696","qid":"940246","title":"AlmaLinux Security Update for libpq (ALSA-2020:5401)"},{"cve":"CVE-2020-25696","qid":"940299","title":"AlmaLinux Security Update for postgresql:9.6 (ALSA-2020:5619)"},{"cve":"CVE-2020-25696","qid":"960242","title":"Rocky Linux Security Update for postgresql:12 (RLSA-2020:5620)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-25696","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"PostgreSQL","version":{"version_data":[{"version_value":"All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-183->CWE-270"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1894430","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1894430"},{"refsource":"MISC","name":"https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/","url":"https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"},{"refsource":"GENTOO","name":"GLSA-202012-07","url":"https://security.gentoo.org/glsa/202012-07"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2020-11-23 22:15:00","lastModifiedDate":"2023-11-07 03:20:00","problem_types":["CWE-183"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.6},"severity":"HIGH","exploitabilityScore":4.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"9.6.0","versionEndExcluding":"9.6.20","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.15","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5.0","versionEndExcluding":"9.5.24","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"25696","Ordinal":"187113","Title":"CVE-2020-25696","CVE":"CVE-2020-25696","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"25696","Ordinal":"1","NoteData":"A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"25696","Ordinal":"2","NoteData":"2020-11-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"25696","Ordinal":"3","NoteData":"2020-12-06","Type":"Other","Title":"Modified"}]}}}