PgBouncer has a serious authentication-path vulnerability—CVE-2025-12819—that can let an unauthenticated client execute arbitrary SQL during the authentication process by supplying a crafted search_path parameter in the StartupMessage; the bug affects PgBouncer releases prior to 1.25.1 and was...
