CVE-2025-8713
Description
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
Affected products
- Range: <17.6, <16.10, <15.14, <14.19, <13.22
News mentions
- GitLab Patch Release: 18.4.1, 18.3.3, 18.2.7 (GitLab Security Releases, Sep 25, 2025)