CVE-2025-0218

pgAgent scheduled batch job scripts are created in a predictable temporary directory potentially allowing a denial of service

Description

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.

Remediation

Workaround:

  • None.

Categories

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: n/a pgAgent
Published at:
Updated at:

References

Link Tags
https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c patch

Frequently Asked Questions

What is the severity of CVE-2025-0218?
CVE-2025-0218 has been scored as a medium severity vulnerability.
How to fix CVE-2025-0218?
As a workaround for remediating CVE-2025-0218: None.
Is CVE-2025-0218 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-0218 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0218?
CVE-2025-0218 affects n/a pgAgent.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.