MEDIUM
Remediated
CVE-2025-7634
pg_dump privilege escalation via crafted schema name
Technology
PostgreSQL
CVSS Score
5.9 / 10.0
Affected Versions
11.0 – 11.21
Patched In
OSSeva for PostgreSQL 11.21-osseva-1
Published
September 30, 2025
Remediated
October 14, 2025
Description
pg_dump does not adequately quote schema names that contain special characters, allowing an authenticated user who can create schemas to escalate privileges during a backup operation.