How severe is CVE-2025-1520?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2025-1520?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2025-1520 - HIGH Severity | CVSS 7.1

Vulnerability Description

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the SQL parser. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the database account. Was ZDI-CAN-25350.

Related Vulnerabilities

CVE-2016-1393

HIGH

CVSS:7.1(High)

SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy7217...

CWE-892016

CVE-2016-9992

HIGH

CVSS:7.1(High)

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or d...

CWE-892016

CVE-2016-9993

HIGH

CVSS:7.1(High)

CWE-892016

CVE-2016-9994

HIGH

CVSS:7.1(High)

CWE-892016

CVE-2020-14349

HIGH

CVSS:7.1(High)

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in a...

CWE-892020

CVE-2020-15108

HIGH

CVSS:7.1(High)

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.

CWE-892020