Vulnerability CVE-2025-12817: Information

Description

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Severity: LOW (3.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-12817
Published: Nov. 13, 2025
Modified: Nov. 14, 2025
Error type identifier: CWE-862

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
postgresql13sisyphus13.23-alt113.23-alt2ALT-PU-2025-14370-1399850Fixed
postgresql13sisyphus_e2k13.23-alt0.p11.113.23-alt0.p11.1ALT-PU-2025-14750-1-Fixed
postgresql13sisyphus_riscv6413.23-alt113.23-alt2ALT-PU-2025-14564-1-Fixed
postgresql13sisyphus_loongarch6413.23-alt113.23-alt2ALT-PU-2025-14498-1-Fixed
postgresql13p1013.23-alt0.p10.113.23-alt0.p10.1ALT-PU-2025-14644-2399966Fixed
postgresql13p10_e2k13.23-alt0.p10.113.23-alt0.p10.1ALT-PU-2025-15206-1-Fixed
postgresql13c10f213.23-alt0.c10f2.113.23-alt0.c10f2.1ALT-PU-2025-14409-2399906Fixed
postgresql13p1113.23-alt0.p11.113.23-alt0.p11.1ALT-PU-2025-14441-2399953Fixed
postgresql14sisyphus14.20-alt114.20-alt2ALT-PU-2025-14367-1399850Fixed
postgresql14sisyphus_e2k14.20-alt0.p11.114.20-alt0.p11.1ALT-PU-2025-14751-1-Fixed
postgresql14sisyphus_riscv6414.20-alt114.20-alt2ALT-PU-2025-14565-1-Fixed
postgresql14sisyphus_loongarch6414.20-alt114.20-alt2ALT-PU-2025-14487-1-Fixed
postgresql14p1014.20-alt0.p10.114.20-alt0.p10.1ALT-PU-2025-14645-2399966Fixed
postgresql14p10_e2k14.20-alt0.p10.114.20-alt0.p10.1ALT-PU-2025-15212-1-Fixed
postgresql14c10f214.20-alt0.c10f2.114.20-alt0.c10f2.1ALT-PU-2025-14412-2399906Fixed
postgresql14c9f214.20-alt0.c9f2.114.20-alt0.c9f2.1ALT-PU-2025-14379-2399904Fixed
postgresql14p1114.20-alt0.p11.114.20-alt0.p11.1ALT-PU-2025-14445-2399953Fixed
postgresql15sisyphus15.15-alt115.15-alt2ALT-PU-2025-14363-1399850Fixed
postgresql15sisyphus_e2k15.15-alt0.p11.115.15-alt0.p11.1ALT-PU-2025-14749-1-Fixed
postgresql15sisyphus_riscv6415.15-alt115.15-alt2ALT-PU-2025-14559-1-Fixed
postgresql15sisyphus_loongarch6415.15-alt115.15-alt2ALT-PU-2025-14497-1-Fixed
postgresql15p1015.15-alt0.p10.115.15-alt0.p10.1ALT-PU-2025-14648-2399966Fixed
postgresql15p10_e2k15.15-alt0.p10.115.15-alt0.p10.1ALT-PU-2025-15213-1-Fixed
postgresql15c10f215.15-alt0.c10f2.115.15-alt0.c10f2.1ALT-PU-2025-14411-2399906Fixed
postgresql15p1115.15-alt0.p11.115.15-alt0.p11.1ALT-PU-2025-14447-2399953Fixed
postgresql15-1Cp1015.15-alt0.p10.115.15-alt0.p10.1ALT-PU-2025-14646-2399966Fixed
postgresql15-1Cp10_e2k15.15-alt0.p10.115.15-alt0.p10.1ALT-PU-2025-15203-1-Fixed
postgresql16sisyphus16.11-alt116.11-alt2ALT-PU-2025-14368-1399850Fixed
postgresql16sisyphus_e2k16.11-alt0.p11.116.11-alt0.p11.1ALT-PU-2025-14745-1-Fixed
postgresql16sisyphus_riscv6416.11-alt116.11-alt2ALT-PU-2025-14566-1-Fixed
postgresql16sisyphus_loongarch6416.11-alt116.11-alt2ALT-PU-2025-14492-1-Fixed
postgresql16p1016.11-alt0.p10.116.11-alt0.p10.1ALT-PU-2025-14642-2399966Fixed
postgresql16p10_e2k16.11-alt0.p10.116.11-alt0.p10.1ALT-PU-2025-15210-1-Fixed
postgresql16c10f216.11-alt0.c10f2.116.11-alt0.c10f2.1ALT-PU-2025-14410-2399906Fixed
postgresql16p1116.11-alt0.p11.116.11-alt0.p11.1ALT-PU-2025-14443-2399953Fixed
postgresql16-1Cc10f216.11-alt0.c10f2.116.11-alt0.c10f2.1ALT-PU-2025-14407-2399906Fixed
postgresql17sisyphus17.7-alt117.7-alt2ALT-PU-2025-14365-1399850Fixed
postgresql17sisyphus_e2k17.7-alt0.p11.117.7-alt0.p11.1ALT-PU-2025-14753-1-Fixed
postgresql17sisyphus_riscv6417.7-alt117.7-alt2ALT-PU-2025-14556-1-Fixed
postgresql17sisyphus_loongarch6417.7-alt117.7-alt2ALT-PU-2025-14488-1-Fixed
postgresql17p1017.7-alt0.p10.117.7-alt0.p10.1ALT-PU-2025-14647-2399966Fixed
postgresql17p10_e2k17.7-alt0.p10.117.7-alt0.p10.1ALT-PU-2025-15207-1-Fixed
postgresql17p1117.7-alt0.p11.117.7-alt0.p11.1ALT-PU-2025-14444-2399953Fixed
postgresql17-1Csisyphus_e2k17.7-alt0.p11.117.7-alt0.p11.1ALT-PU-2025-14752-1-Fixed
postgresql17-1Cp1117.7-alt0.p11.117.7-alt0.p11.1ALT-PU-2025-14446-2399953Fixed
postgresql18sisyphus18.1-alt118.1-alt2ALT-PU-2025-14366-1399850Fixed
postgresql18sisyphus_riscv6418.1-alt118.1-alt2ALT-PU-2025-14561-1-Fixed
postgresql18sisyphus_loongarch6418.1-alt118.1-alt2ALT-PU-2025-14496-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.postgresql.org/support/security/CVE-2025-12817/
    BDU:2025-14083
      VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
      Version: v25.10.0
      Back to top