A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
2025-02-17 13:48

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the Treasury’s BeyondTrust Remote Support SaaS instances via CVE-2024-12356, a previously unknown unauthenticated command injection vulnerability. But, as Rapid7 researchers discovered (and confirmed by testing), “a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order …

The post A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/02/17/a-postgresql-zero-day-was-also-exploited-in-us-treasury-hack-cve-2025-1094/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-1094 | Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. | 0.0 |
| 2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in Beyondtrust Remote Support. A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. (network; low complexity; beyondtrust; CWE-77) | critical 9.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Postgresql 5 3 28 49 10 90