CVE-2025-58450NVD

Vulnerability Summary

pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a patch to mitigate such attempts.

Severity Level

CRITICAL(9.3)

Published Date

Sep 8, 2025

Last Modified

Sep 9, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-89: SQL Injection ↗

Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

External References

https://github.com/prest/prest/commit/47d02b87842900f77d76fc694d9aa7e983b0711c
https://github.com/prest/prest/security/advisories/GHSA-p46v-f2x8-qp98
https://github.com/prest/prest/security/advisories/GHSA-p46v-f2x8-qp98

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2025-58450NVD

Vulnerability Summary

External References