Ubuntu: PostgreSQL Critical SQL Injection & Nvidia TOCTOU Advisory CVE-2025-1094, CVE-2025-23359
Fellow Linux admins-
Environments using PostgreSQL for big data analysis, scientific research, and countless business intelligence applications are at a heightened state of alert after it was discovered there are significant critical SQL injection security flaws that can be exploited to execute arbitrary commands and gain unauthorized control over their systems. Read on to learn more about what this all means and how it might affect you and even the everyday services you use.
You'll also learn about a critical Time-of-Check Time-of-Use (TOCTOU) vulnerability in Nvidia Linux Container Toolkit up to version 1.17.3 and GPU Operator up to version 24.9.1 (CVE-2025-23359) that allows malicious actors to execute unauthorized code, disrupt services, escalate privileges, and access or tamper with sensitive data.
If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!
Stay safe out there,

Dave Wreski
LinuxSecurity Founder
PostgreSQLThe DiscoveryA significant critical SQL injection flaw (CVE-2025-1094) has been discovered in the popular open-source database. PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() all improperly handle quoting syntax that allows attackers to inject malicious SQL commands using key libpq functions. |
Nvidia Container Toolkit/GPU OperatorThe DiscoveryNvidia recently disclosed a critical Time-of-Check Time-of-Use (TOCTOU) vulnerability in their Linux Container Toolkit up to version 1.17.3 and GPU Operator up to version 24.9.1 (CVE-2025-23359). |


