How severe is CVE-2022-2625?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2022-2625?

This is classified as CWE-915, which is a common weakness in software security.

CVE-2022-2625 - HIGH Severity | CVSS 8

Vulnerability Description

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Related Vulnerabilities

CVE-2025-30358

HIGH

CVSS:8.1(High)

Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and cl...

CWE-9152025

CVE-2022-4068

HIGH

CVSS:7.6(High)

A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This ...

CWE-9152022

CVE-2022-48359

HIGH

CVSS:7.5(High)

The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.

CWE-9152022

CVE-2025-31674

HIGH

CVSS:7.5(High)

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, fr...

CWE-9152025

CVE-2021-32807

HIGH

CVSS:7.2(High)

The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the c...

CWE-9152021

CVE-2021-32811

HIGH

CVSS:7.2(High)

Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope ...

CWE-9152021