CVE not detected

I have a FreeBSD server with PostgreSQL 13.18, for which there has been a recent CVE. My feeds are up to date and I find CVE-2025-1094 in a CVE search. The scanner finds PostgreSQL while running an authenticated OpenVAS Default full and fast scan. I run a CVE scan on the same server and this CVE is not found. What could I be missing? Perhaps I need to clone and create my own CVE scan?

Only a few short remarks:

  • Moved into a better fitting category as the CVE scan doesn’t use any NASL scripts / VTs (the “Vulnerability Tests” category is only used for such ones) and is a functionality of the software stack / GEA
  • Prerequisites for a successful CVE scan are listed in the documentation: Greenbone Enterprise Appliance Manual: 9.4 Configuring a CVE Scan
  • CVE-2025-1094 specific: As pointed out in the previous manual, it won’t detect / can’t scan for this CVE as long as no CPE is assigned within its NVD entry, because the CVE scanner relies on that info
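
The third remark above, shown as an added example that is not part of the original posts and not Greenbone's implementation: a simplified CPE-driven check returns nothing for a CVE record that carries no CPE match data. Both records are constructed in the NVD CVE API 2.0 JSON layout; `CVE-0000-0000` and its version range are placeholders, and `check`, `match_applies`, `cpe_fields` and `ver` are hypothetical helper names.

```python
# Constructed sample data; record layout follows the NVD CVE API 2.0 JSON.
HOST_CPE = "cpe:2.3:a:postgresql:postgresql:13.18:*:*:*:*:*:*:*"
RECORD_NO_CPE = {"id": "CVE-2025-1094"}  # no "configurations", as the thread describes
RECORD_WITH_CPE = {  # placeholder ID and version range, constructed for contrast
    "id": "CVE-0000-0000",
    "configurations": [{"nodes": [{"operator": "OR", "negate": False, "cpeMatch": [{
        "vulnerable": True,
        "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
        "versionStartIncluding": "13.0",
        "versionEndExcluding": "13.19",
    }]}]}],
}

def ver(s):
    """'13.18' -> (13, 18); handles plain dotted numeric versions only."""
    return tuple(int(p) for p in s.split("."))

def cpe_fields(cpe):
    """(part, vendor, product, version) of a CPE 2.3 string without escaped colons."""
    f = cpe.split(":")
    return f[2], f[3], f[4], f[5]

def match_applies(m, host_cpe):
    """True if one cpeMatch entry marks the host's product version as vulnerable."""
    if not m.get("vulnerable", False):
        return False
    *crit_product, crit_ver = cpe_fields(m["criteria"])
    *host_product, host_ver = cpe_fields(host_cpe)
    if crit_product != host_product:
        return False
    if crit_ver != "*":
        return crit_ver == host_ver  # criteria names one exact version
    v = ver(host_ver)
    bounds = [("versionStartIncluding", lambda b: v >= b), ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b), ("versionEndExcluding", lambda b: v < b)]
    return all(ok(ver(m[k])) for k, ok in bounds if k in m)

def check(record, host_cpe):
    """Return 'no-cpe-data', 'affected' or 'not-affected' (all entries treated as OR)."""
    matches = [m for c in record.get("configurations", [])
               for n in c.get("nodes", []) for m in n.get("cpeMatch", [])]
    if not matches:
        return "no-cpe-data"  # nothing to compare against, so no finding is possible
    return "affected" if any(match_applies(m, host_cpe) for m in matches) else "not-affected"

if __name__ == "__main__":
    for rec in (RECORD_NO_CPE, RECORD_WITH_CPE):
        print(rec["id"], check(rec, HOST_CPE))
```

A `no-cpe-data` result means the record could not be evaluated, which is different from the host being unaffected.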

Wow, okay, thanks. I believe your third remark is the case in my instance. After being identified on 2/21/25, still no NVD. Seems this issue is going to affect us all, in the short term I hope.
