Appsmith Remote Command Execution Vulnerability via Misconfigured PostgreSQL in Docker Container

Vulnerability

A remote command execution vulnerability has been identified in Appsmith versions through 1.50. The issue arises from an incorrectly configured PostgreSQL instance that ships embedded in the Appsmith Docker image: queries that Appsmith sends to that instance can be turned into command execution inside the Appsmith container. Exploitation requires an authenticated Appsmith account that is allowed to create datasources and run queries. The attacker must reach Appsmith, log in, create a datasource, write a query against that datasource, and execute it.

Impact

Successful exploitation gives the attacker command execution inside the Appsmith Docker container. Because the commands run within the container, whatever that container holds or can reach (its filesystem, its environment, and the data and credentials Appsmith keeps there) is also exposed, which is the information disclosure component of this issue.

Remediation

Upgrade to Appsmith version 1.52 or later, which fixes the issue. Where an immediate upgrade is not possible, disable the embedded PostgreSQL database by setting 'APPSMITH_ENABLE_EMBEDDED_DB=0' in the container's environment and restarting the container. This is a workaround rather than a fix: it removes the misconfigured instance from the running container, and it must be applied to every Appsmith container you operate, since a container started without the setting is still exposed.
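The shell script below is an added example; it is not part of this advisory and not code from the Appsmith project. It encodes the two remediation conditions above (running version below 1.52, embedded PostgreSQL still enabled) as a check you can run against a deployment's version string and its APPSMITH_ENABLE_EMBEDDED_DB value. The helper names and the version-comparison logic are this example's own assumptions, and the inputs in the demo section are constructed; on a live host you would take the version from the container's image tag and the flag from its environment.

```shell
#!/bin/sh
# Added example for this advisory; not code from the advisory or from Appsmith.
# Decides whether an Appsmith Docker deployment is still exposed, using the two
# facts the remediation gives: the fix shipped in 1.52, and setting
# APPSMITH_ENABLE_EMBEDDED_DB=0 disables the embedded PostgreSQL as a workaround.

FIXED_VERSION="1.52"   # first version the advisory lists as fixed

# version_lt A B : succeed (exit 0) when version A sorts before version B.
# Accepts "1.50", "v1.51.3" and similar; missing minor/patch fields count as 0.
# Assumes purely numeric fields (no "-rc1" style suffixes).
version_lt() {
    a=$(printf '%s' "$1" | sed 's/^v//').0.0
    b=$(printf '%s' "$2" | sed 's/^v//').0.0
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1   # equal versions are not "less than"
}

# appsmith_affected VERSION [EMBEDDED_DB_FLAG]
#   VERSION          running Appsmith version (for example the image tag)
#   EMBEDDED_DB_FLAG value of APPSMITH_ENABLE_EMBEDDED_DB; unset or empty is
#                    treated as the default, i.e. embedded PostgreSQL enabled
# Succeeds (exit 0) when the deployment is still exposed to this issue.
appsmith_affected() {
    ver=$1
    embedded=${2:-1}
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        return 1   # 1.52 or later: patched
    fi
    if [ "$embedded" = "0" ]; then
        return 1   # embedded PostgreSQL disabled: workaround in place
    fi
    return 0       # vulnerable version with embedded PostgreSQL enabled
}

# Demo with constructed inputs: run as `sh check.sh demo`.
if [ "${1:-}" = "demo" ]; then
    for sample in "1.50:" "1.50:0" "1.52:" "v1.51.3:1"; do
        v=${sample%%:*}
        f=${sample#*:}
        if appsmith_affected "$v" "$f"; then
            echo "version $v, APPSMITH_ENABLE_EMBEDDED_DB='${f:-unset}': affected; upgrade to $FIXED_VERSION or set the flag to 0"
        else
            echo "version $v, APPSMITH_ENABLE_EMBEDDED_DB='${f:-unset}': not affected"
        fi
    done
fi
```

A deployment on 1.50 with the flag unset is reported as affected; the same version with APPSMITH_ENABLE_EMBEDDED_DB=0, or any version at 1.52 or later, is not. The check only reflects what the advisory states; it does not inspect the PostgreSQL configuration itself.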

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 10.0
exploitability: 5.2
remediation: 8.3
relevance: 0.0
threat: 1.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.