Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0218

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

Published

2025-01-07T20:15:30.710

Last Modified

2025-11-03T18:15:46.017

Status

Modified

Source

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-340
Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pgadmin	pgagent	< 4.2.3	Yes

References

https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c Patch (f86ef6dc-4d3a-42ad-8f28-e6d5547a5007)
https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html (af854a3a-2127-422b-91ae-364da2661108)