CVE-2025-0218
Published: 07 January 2025
Summary
CVE-2025-0218 is a medium-severity Generation of Predictable Numbers or Identifiers (CWE-340) vulnerability in pgAdmin pgAgent. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 18.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the flaw in pgAgent's insufficiently seeded random number generator for temporary directory names by identifying, prioritizing, and applying patches or upgrades.
Protects against the local denial-of-service attack that blocks pgAgent job execution through predictable temporary directory pre-creation.
Ensures resource availability for pgAgent scheduled tasks by implementing controls to prevent interference and contention from predictable temporary directory usage.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables local exploitation of pgAgent to disrupt scheduled job execution, which maps directly to application exploitation for endpoint DoS.
NVD Description
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.
Deeper analysis
CVE-2025-0218 is a vulnerability in pgAgent, a job scheduling agent for PostgreSQL, affecting versions prior to 4.2.3. When batch jobs are executed, pgAgent creates a script in a temporary directory, but it uses an insufficiently seeded random number generator to generate the directory name. This predictable naming allows a local attacker to pre-create the directory, preventing pgAgent from writing the script and thus blocking job execution, which disrupts scheduled tasks. The issue is linked to CWE-340 (Generation of Predictable Numbers) and CWE-330 (Use of Insufficiently Random Values).
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity and no user interaction required (AV:L/AC:L/UI:N). Successful exploitation results in a denial-of-service condition with high availability impact (A:H), as targeted batch jobs fail to run, but there is no impact on confidentiality or integrity (C:N/I:N). The CVSS v3.1 base score is 5.5, classifying it as medium severity, limited to the local scope (S:U).
Mitigation involves upgrading to pgAgent version 4.2.3 or later, where the random number generator seeding has been improved, as detailed in the fixing commit at https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c. Debian LTS users should refer to the security advisory at https://lists.debian.org/debian-lts-announce/2025/10/msg00018.html for package updates and additional guidance.
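The failure mode described above, next to one hardened alternative, as an added C++ example. It is not pgAgent's code and does not reproduce the fixing commit: the function names, the fixed seed, and the use of POSIX `mkdtemp()` are assumptions made for illustration.

```cpp
// Added illustration, not pgAgent source; all function names are hypothetical.
#include <cerrno>
#include <cstdlib>
#include <random>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

// Weak pattern: the name comes from a PRNG whose seed carries little entropy,
// so any process that can guess the seed computes the same path.
std::string weak_name(const std::string& base, unsigned seed) {
    static const char alnum[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    std::mt19937 prng(seed);
    std::string path = base + "/job_";
    for (int i = 0; i < 8; ++i) path += alnum[prng() % 36];
    return path;
}

// Weak creation: one attempt, so an already existing directory fails the job.
bool weak_create(const std::string& path) { return mkdir(path.c_str(), 0700) == 0; }

// Hardened: mkdtemp() picks an unused name and creates the directory in one
// step with mode 0700. Returns "" on failure.
std::string safe_create(const std::string& base) {
    std::string tmpl = base + "/job_XXXXXX";
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');
    return mkdtemp(buf.data()) ? std::string(buf.data()) : std::string();
}

// Self-check inside a private scratch directory (constructed scenario).
bool demo() {
    const char* t = std::getenv("TMPDIR");
    std::string scratch = safe_create(t ? t : "/tmp");
    if (scratch.empty()) return false;
    std::string name = weak_name(scratch, 42);           // constructed seed
    bool repeatable = (weak_name(scratch, 42) == name);  // same seed, same path
    mkdir(name.c_str(), 0700);                           // directory already exists
    errno = 0;
    bool blocked = !weak_create(name) && errno == EEXIST;
    std::string job = safe_create(scratch);              // still succeeds
    bool ok = repeatable && blocked && !job.empty() && job != name;
    if (!job.empty()) rmdir(job.c_str());
    rmdir(name.c_str());
    rmdir(scratch.c_str());
    return ok;
}

int main() { return demo() ? 0 : 1; }
```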
Details
- CWE(s)