CRE-2025-0079

SpiceDB Database Corruption: Critical Table LossCritical

Impact: 10/10

Mitigation: 3/10

CRE-2025-0079View on GitHub

SpiceDBDatabase CorruptionAuthorizationPostgreSQL

Description

Detects catastrophic SpiceDB database corruption where critical core tables \nlike `alembic_version` and `relation_tuple_transaction` are missing or dropped.\nThis represents complete database corruption that renders SpiceDB unable to \nperform any authorization operations, causing total permission system failure.\n

Mitigation

IMMEDIATE ACTIONS:\n- Stop all SpiceDB services immediately to prevent further damage\n- Isolate the corrupted database to prevent data loss\n- Check PostgreSQL logs for corruption indicators or storage errors\n\nASSESSMENT:\n- Run: `psql -U spicedb -d spicedb -c \"\\dt\"` to list existing tables\n- Verify critical tables exist: `alembic_version`, `relation_tuple_transaction`, `metadata`\n- Check for recent backup availability and integrity\n\nRECOVERY:\n- Restore database from most recent known-good backup\n- If no backup available, reinitialize database with migrations:\n `spicedb migrate head --datastore-conn-uri=<uri>`\n- Verify data integrity after restoration\n- Test permission operations before returning to production\n\nPREVENTION:\n- Implement automated database backups with integrity verification\n- Monitor database table existence in health checks\n- Use database-level permissions to prevent accidental table drops\n- Implement storage monitoring for early corruption detection\n

References

• https://authzed.com/docs/spicedb/getting-started/migrating
• https://github.com/authzed/spicedb/issues
• https://authzed.com/docs/spicedb/concepts/datastore
• https://www.postgresql.org/docs/current/backup-dump.html