The vulnerability description for CVE-2025-1094 explicitly lists PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() as the affected functions within the PostgreSQL libpq library. The fetched URL content, particularly from postgresql.org and rapid7.com, corroborates this. These functions fail to properly neutralize quoting syntax when dealing with certain inputs, especially with specific character encodings (BIG5 client and EUC_TW or MULE_INTERNAL server). When the output of these functions is used to construct commands for the 'psql' interactive terminal, SQL injection becomes possible. The file path 'src/interfaces/libpq/fe-exec.c' is a common location for these libpq functions, though without specific commit data, this is an educated inference based on PostgreSQL's source structure. The confidence is high because the functions are directly named in the official CVE description and security advisories.