CVE-2025-0218

Summary

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

Affected Software

VendorProductVersion RangeStatus
n/apgAgent4 < 4.2.3affected

Weaknesses

  • CWE-340: Generation of Predictable Numbers or Identifiers

Workarounds

None.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References