ALAS2-2025-2866 — Vulnetix

ALAS2-2025-2866 PUBLISHED

Affected Products

Vendor	Product	Versions
Amazon	postgresql

Exploit Intelligence

🔒 CVE-2025-1094 PostgreSQL Multi-byte SQL Injection Demo | Educational security research project with full documentation (github-poc-repo)
TranDongA3/POC-CVE-2025-1094 (github-poc-repo)
TranDongA3/POC-CVE-2025-1094 (github-poc)
🔒 CVE-2025-1094 PostgreSQL Multi-byte SQL Injection Demo | Educational security research project with full documentation (github-poc)
It is an input sanitization flaw caused by an encoding mismatch, allowing crafted input to bypass filters. If a server is vulnerable, an attacker can inject malicious SQL that the backend executes. (github-poc)
ishwardeepp/CVE-2025-1094-PoC-Postgre-SQLi (github-poc)
WebSocket and SQL Injection Exploit Script (github-poc)
Detects CVE-2025-1094 - PostgreSQL SQL Injection to RCE. This script attempts to identify systems vulnerable to CVE-2025-1094 by checking for specific indicators and patterns. References: * https://nvd.nist.gov/vuln/detail/CVE-2025-1094 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1094 (nmap-nse)
GenerationConfig.java (github-poc)
SelfAdaptationGenerationConfig.java (github-poc)

Timeline

May 29, 2025 CVE Published
Jan 3, 2026 PoC Published

References

ALAS2-2025-2866: postgresql (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›