CVE-2025-5690

Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data

Description

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

Remediation

Workaround:

  • Disable dynamic masking

Category

6.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: DALIBO PostgreSQL Anonymizer
Published at:
Updated at:

References

Link Tags
https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/531

Frequently Asked Questions

What is the severity of CVE-2025-5690?
CVE-2025-5690 has been scored as a medium severity vulnerability.
How to fix CVE-2025-5690?
As a workaround for remediating CVE-2025-5690: Disable dynamic masking
Is CVE-2025-5690 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-5690 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-5690?
CVE-2025-5690 affects DALIBO PostgreSQL Anonymizer.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.