CVE-2025-5690 MEDIUM

CVE-2025-5690: Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data

Vendor Dalibo

Product PostgreSQL Anonymizer

Weakness CWE-200 · Info exposure

Published June 4, 2025

Last update June 5, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

Key dates

02Disclosure timeline

June 4, 2025 CVE published

June 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5690

Related vulnerabilities

CVE-2025-5690: Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data

01Description

02Disclosure timeline

03References

04Related CVE