Wiz
Vulnerability DatabaseCVE-2018-25088

CVE-2018-25088
Python vulnerability analysis and mitigation

Overview

A critical SQL injection vulnerability was discovered in Blue Yonder postgraas_server versions up to 2.0.0b2. The vulnerability affects the _create_pg_connection/create_postgres_db function in the PostgreSQL Backend Handler component (postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py). The vulnerability was disclosed on July 18, 2023 and assigned identifier CVE-2018-25088 (NVD).

Technical details

The vulnerability allows manipulation of SQL commands through improper neutralization of special elements in the PostgreSQL Backend Handler. The severity is rated as CRITICAL with a CVSS v3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) according to NVD assessment (NVD).

Impact

If exploited, this SQL injection vulnerability could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data theft, or manipulation of the database contents (NVD).

Mitigation and workarounds

The vulnerability was fixed in version 2.0.0 of postgraas_server. Users should upgrade to this version or later to address the issue. The fix involves hardening the database creation against SQL injections through proper parameter handling, as implemented in commit 7cd8d016edc74a78af0d81c948bfafbcc93c937c (GitHub Patch).

Additional resources

SourceThis report was generated using AI

Related Python vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-23949HIGH8.6
  • PythonPython
  • jaraco.context
NoYesJan 20, 2026
CVE-2026-22219HIGH8.3
  • PythonPython
  • chainlit
NoYesJan 20, 2026
CVE-2026-23842HIGH7.5
  • PythonPython
  • chatterbot
NoYesJan 19, 2026
CVE-2026-23877MEDIUM5.3
  • PythonPython
  • swingmusic
NoYesJan 19, 2026
CVE-2026-23833LOW1.7
  • PythonPython
  • esphome
NoYesJan 19, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo