Threat perpetrators responsible for the exploitation of a zero-day weakness in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 are believed to have also leveraged a previously undiscovered SQL injection vulnerability in PostgreSQL, based on insights from Rapid7.
The flaw, identified as CVE-2025-1094 (CVSS score: 8.1), impacts the PostgreSQL command-line interface psql.
“An