CVE-2025-4207: 
PostgreSQL vulnerability analysis and mitigation

A buffer over-read vulnerability in PostgreSQL's GB18030 encoding validation component, identified as CVE-2025-4207, was disclosed on May 8, 2025. The vulnerability affects PostgreSQL versions before 17.5, 16.9, 15.13, 14.18, and 13.21, impacting both the database server and libpq client library (PostgreSQL Security).

The vulnerability is classified as a Buffer Over-read (CWE-126) that occurs during GB18030 encoding validation. When validating text input, the system can read one byte past the end of the allocated memory buffer for text that fails validation. The vulnerability has received a CVSS v3.1 score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, Wiz).

The primary impact of this vulnerability is the potential for temporary denial of service, specifically on platforms where a 1-byte over-read can trigger process termination. This affects both the PostgreSQL database server and applications using the libpq client library (PostgreSQL Security).

The vulnerability has been fixed in PostgreSQL versions 17.5, 16.9, 15.13, 14.18, and 13.21. Users are strongly advised to upgrade to these patched versions to mitigate the vulnerability (PostgreSQL Security).