


Perceptive Security
SOC/SIEM Consultancy

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses …
Published:
5 March 2026 at 23:00:00
Alert date:
6 March 2026 at 19:01:54
Source:
nvd.nist.gov
Database & Storage
TimescaleDB versions 2.23.0 to 2.25.1 contain a privilege escalation vulnerability that allows arbitrary code execution during extension upgrades. The issue involves PostgreSQL's search_path setting: a malicious user can create functions in a user-writable schema that shadow built-in PostgreSQL functions. When the extension upgrade process runs, these malicious functions are executed instead of the legitimate PostgreSQL functions, leading to arbitrary code execution. The issue affects the TimescaleDB time-series database extension for PostgreSQL and has been patched in version 2.25.2.
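A defender-side audit for the condition described above, added here as an example (it is not taken from the NVD entry or from the TimescaleDB project). It uses only standard PostgreSQL catalogs and functions; the version bounds are the ones stated in this alert, and running it as a superuser in every database of the cluster is an assumption.

```sql
-- Added audit example, not vendor code. Run as a superuser in each database.

-- 1) Is the installed TimescaleDB inside the affected range 2.23.0 - 2.25.1?
--    Only the leading major.minor.patch digits of extversion are compared.
SELECT e.extversion,
       s.v BETWEEN ARRAY[2,23,0] AND ARRAY[2,25,1] AS in_affected_range
FROM pg_extension e,
     LATERAL (SELECT (regexp_match(e.extversion,
                                   '^(\d+)\.(\d+)\.(\d+)'))::int[] AS v) s
WHERE e.extname = 'timescaledb';

-- 2) Which schemas can a non-superuser role create objects in?
--    These are the "user-writable schemas" the alert refers to.
SELECT n.nspname AS schema_name, r.rolname AS role_name
FROM pg_namespace n
CROSS JOIN pg_roles r
WHERE NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY 1, 2;

-- 3) Functions outside pg_catalog that reuse the name of a built-in function
--    and are not owned by an installed extension: candidates for shadowing.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS arguments,
       o.rolname                                 AS owner,
       o.rolsuper                                AS owner_is_superuser
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles o     ON o.oid = p.proowner
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND EXISTS (SELECT 1 FROM pg_proc b
              WHERE b.pronamespace = 'pg_catalog'::regnamespace
                AND b.proname = p.proname)
  AND NOT EXISTS (SELECT 1 FROM pg_depend d
                  WHERE d.classid = 'pg_proc'::regclass
                    AND d.objid = p.oid
                    AND d.deptype = 'e')
ORDER BY 1, 2;
```

Rows from the third query that nobody on the database team can account for should be reviewed before an extension upgrade is run on an affected version.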
Technical details
Mitigation steps:
Affected products:
TimescaleDB
PostgreSQL
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-29089
https://github.com/timescale/timescaledb/commit/9a8f7f8bdeb99e6abae0786ffe526791a8628ce3
https://github.com/timescale/timescaledb/pull/9331
https://github.com/timescale/timescaledb/releases/tag/2.25.2
https://github.com/timescale/timescaledb/security/advisories/GHSA-vgp2-jj5c-828m
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
