Cyber Resilience

CVE-2025-55282

Critical

Published: 18 August 2025

Modified: 21 August 2025
KEV Added
Patch
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.3th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-55282 is a critical-severity Path Traversal (CWE-22) vulnerability in Aiven's aiven-db-migrate. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 35.3th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-55282 is a privilege escalation vulnerability in aiven-db-migrate, an Aiven database migration tool. Versions prior to 1.0.7 fail to restrict the search_path during migrations from untrusted source servers to PostgreSQL databases. This allows an attacker to override the pg_catalog schema and execute untrusted operators with superuser privileges. The issue is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

An attacker with high privileges (PR:H), such as the ability to initiate or influence a database migration from an untrusted source, can exploit this over the network with low complexity and no user interaction. Successful exploitation changes the scope (S:C) and grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H), enabling superuser escalation within the target PostgreSQL database.

The vulnerability is fixed in aiven-db-migrate version 1.0.7. Aiven's security advisory (GHSA-hmvf-93r4-36f9) and the corresponding patch commit (39517dc55720055d93262033b142a365f5bf92c5) detail the remediation, which addresses the search_path restriction to prevent schema override during migrations. Security practitioners should upgrade to 1.0.7 or later and audit migration workflows involving untrusted sources.
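
As an aid for the audit step above, the following added example (not taken from the advisory or the aiven-db-migrate code base, and not a reproduction of the project's fix) flags search_path settings in a migration SQL script that place another schema ahead of pg_catalog. It relies on documented PostgreSQL behaviour: pg_catalog is searched first unless the path names it explicitly at a later position. The function names and the sample script are constructed for illustration.

```python
import re

# Statement-level "SET [SESSION|LOCAL] search_path TO|= ..." and
# "set_config('search_path', '...')" calls in a SQL script.
_SET_RE = re.compile(
    r"\bSET\s+(?:SESSION\s+|LOCAL\s+)?search_path\s*(?:=|TO\b)\s*([^;\n]*)", re.I)
_CFG_RE = re.compile(
    r"\bset_config\s*\(\s*'search_path'\s*,\s*'((?:[^']|'')*)'", re.I)
_ITEM_RE = re.compile(r'"(?:[^"]|"")*"|\'[^\']*\'|[^,\s]+')

def parse_schemas(value):
    """Split a search_path value into schema names, honouring quoting."""
    names = []
    for item in _ITEM_RE.findall(value):
        if item[0] == '"':
            names.append(item[1:-1].replace('""', '"'))
        elif item[0] == "'":
            names.append(item[1:-1])
        else:
            names.append(item.lower())  # unquoted identifiers fold to lower case
    return names

def demotes_pg_catalog(schemas):
    # pg_catalog is searched first unless the path names it explicitly,
    # in which case it is searched at the position given.
    return "pg_catalog" in schemas and schemas.index("pg_catalog") > 0

def audit(sql):
    """Return sorted (line_number, schemas) for settings that demote pg_catalog."""
    findings = []
    for rx in (_SET_RE, _CFG_RE):
        for m in rx.finditer(sql):
            raw = m.group(1)
            if rx is _CFG_RE:
                raw = raw.replace("''", "'")  # undo SQL string-literal escaping
            schemas = parse_schemas(raw)
            if demotes_pg_catalog(schemas):
                findings.append((sql.count("\n", 0, m.start()) + 1, schemas))
    return sorted(findings)

# Constructed sample script (not taken from the advisory or the project).
SAMPLE_SQL = """\
SELECT pg_catalog.set_config('search_path', '', false);
SET search_path = public, pg_catalog;
SET search_path TO "$user", public;
ALTER ROLE app SET search_path = pg_catalog, pg_temp;
SELECT set_config('search_path', 'staging, "pg_catalog"', false);
"""
```

Calling `audit(SAMPLE_SQL)` reports lines 2 and 5 of the sample; the empty path, the path that omits pg_catalog, and the path that lists pg_catalog first are not flagged.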

Vulnerability details

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Direct privilege escalation to superuser via exploitation of a search_path handling flaw during DB migration, matching T1068 exactly.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33747 (shared CWE-22)
CVE-2025-54307 (shared CWE-22)
CVE-2026-20614 (shared CWE-22)
CVE-2024-48885 (shared CWE-22)
CVE-2026-32060 (shared CWE-22)
CVE-2025-48567 (shared CWE-22)
CVE-2025-66429 (shared CWE-22)
CVE-2026-20615 (shared CWE-22)
CVE-2026-20688 (shared CWE-22)
CVE-2016-20041 (shared CWE-22)

Affected Assets

aiven
aiven-db-migrate
≤ 1.0.7

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Enforces least privilege to prevent privilege escalation during database migrations by ensuring the aiven-db-migrate tool and PostgreSQL connections do not allow superuser elevation from untrusted sources.

Prevent: Requires timely remediation and patching of the specific search_path restriction flaw in aiven-db-migrate versions prior to 1.0.7 to eliminate the privilege escalation vulnerability.

Prevent: Mandates secure configuration settings for database migration tools, including explicit search_path restrictions, to block pg_catalog overrides during migrations from untrusted sources.
