CVE-2025-52969 – ClickHouse Executable Table Command Injection Vulnerability

June 23, 2025

CVE ID : CVE-2025-52969

Published : June 23, 2025, 5:15 p.m. | 1 hour, 9 minutes ago

Description : ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables already present in the system. If an attacker can influence the contents of the script referenced by the Executable() engine through writable paths, they may execute controlled commands in the context of the ClickHouse server, leading to privilege escalation and unauthorized code execution. NOTE: the Supplier’s position is that these types of executions by low-privileged users are the expected behavior.

Severity: 2.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6516 – “HDF5 Heap-Based Buffer Overflow Vulnerability”

Next Article CVE-2023-47031 – NCR Terminal Handler Privilege Escalation

Highlights

CVE-2025-6860 – SourceCodester Best Salon Management System SQL Injection Vulnerability

June 29, 2025

CVE ID : CVE-2025-6860

Published : June 29, 2025, 1:15 p.m. | 2 hours, 2 minutes ago

Description : A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/staff_commision.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-52969 – ClickHouse Executable Table Command Injection Vulnerability

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

NASCAR 25 Launches October 14 on Xbox and PS5 with Revamped Career Mode

Tosca Jenkins Integration: Boost Your CI/CD Workflow Today

Free LinkedIn Text Formatter

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

CVE-2025-6860 – SourceCodester Best Salon Management System SQL Injection Vulnerability

CVE-2025-43025 – HP Universal Print Driver Buffer Overflow Denial of Service

Why Organization Needs Data Governance ?

Microsoft Teams Mobile will introduce a game-changing content share button

CVE-2025-52969 – ClickHouse Executable Table Command Injection Vulnerability

Related Posts