Rusty Pearl: Remote Code Execution In Postgres Instances
Varonis, Monday, August 11th, 2025
Varonis uncovers an RCE vulnerability in PostgreSQL via PL/Perl and PL/Rust. Learn how AWS RDS responded and how to secure your Postgres environmen
As part of our ongoing data security research, Varonis Threat Labs uncovered a remote code execution vulnerability (RCE) in the PostgreSQL database software using multiple vulnerabilities found in PostgreSQL extensions.
An RCE vulnerability allows an attacker to execute arbitrary commands on the database server's underlying operating system. A successful attack could result in data exfiltration and destruction, as well as the attacker gaining an initial access vector into your network.