How severe is CVE-2025-0218?

CVE-2025-0218 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2025-0218

Name: pgagent
Author: pgadmin

5.5MEDIUM

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used

Published: 1/7/2025Updated: 11/3/2025

Description

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

AI AnalysisPowered by AI

Affected Products

pgadminpgagent

References

https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html