Content area
CVE-2025-8713 covers a statistics exposure path that could allow a user to infer sampled data in a view, partition, or child table, potentially bypassing access controls or row-level security; fixes extend to supported releases back to version 13. CVE- 2025-8714 and CVE-2025-8715 both involve restore-time code execution vectors—one via untrusted data crafted by a superuser on the origin server and another via improper newline handling in object names—with implications for client systems running and for the restore target server. Additional items touch WAL retention during checkpoints, GSSAPI authentication stability, the handling of nested character classes in, and regression fixes that restore expected behavior for PL/pgSQL parallelization and certain MERGE edge cases.