Security News > 2025 > February > A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
2025-02-17 13:48
The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the Treasury’s BeyondTrust Remote Support SaaS instances via CVE-2024-12356, a previously unknown unauthenticated command injection vulnerability. But, as Rapid7 researchers discovered (and confirmed by testing), “a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order … More → The post A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) appeared first on Help Net Security.
News URL
Related news
- China-Linked Cyber Threat Group Hacks US Treasury Department (source)
- CISA says recent government hack limited to US Treasury (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-1094 | Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. | 0.0 |
| 2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in Beyondtrust Remote Support A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |