CVE-2025-52969

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

03 Jul 2025, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://github.com/skraft9/clickhouse-security-research', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}
CVSS v2 : unknown
v3 : 2.8
v2 : unknown
v3 : unknown
CWE CWE-420
Summary (en) ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables already present in the system. If an attacker can influence the contents of the script referenced by the Executable() engine through writable paths, they may execute controlled commands in the context of the ClickHouse server, leading to privilege escalation and unauthorized code execution. NOTE: the Supplier's position is that these types of executions by low-privileged users are the expected behavior. (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

23 Jun 2025, 20:16

Type Values Removed Values Added
References () https://github.com/skraft9/clickhouse-security-research - () https://github.com/skraft9/clickhouse-security-research -

23 Jun 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-23 17:15

Updated : 2025-07-03 16:15


NVD link : CVE-2025-52969

Mitre link : CVE-2025-52969

CVE.ORG link : CVE-2025-52969


JSON object : View

Products Affected

No product.

CWE

No CWE.