{"id":"AZL-66300","summary":"CVE-2025-8713 affecting package postgresql for versions less than 16.10-1","details":"PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access.  Separately, statistics allow a user to read sampled data that a row security policy intended to hide.  PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process.  Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies.  Reachable statistics data notably included histograms and most-common-values lists.  CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.","modified":"2026-04-01T05:20:56.698446Z","published":"2025-08-14T13:15:37Z","upstream":["CVE-2025-8713"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8713"}],"affected":[{"package":{"name":"postgresql","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/postgresql"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.10-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66300.json"}}],"schema_version":"1.7.5"}