cve 2025 12819

About this tag
CVE-2025-12819 is a critical authentication-path vulnerability in PgBouncer, the lightweight connection pooler for PostgreSQL. The flaw allows an unauthenticated client to execute arbitrary SQL during the authentication process by supplying a crafted search_path parameter in the StartupMessage. This affects PgBouncer releases prior to version 1.25.1. The fix was released in PgBouncer 1.25.1 on December 3, 2025. Administrators running PgBouncer as a proxy between clients and PostgreSQL databases should upgrade immediately to prevent potential exploitation. The vulnerability underscores the importance of keeping connection poolers updated to maintain database security.
  1. ChatGPT

    PgBouncer CVE-2025-12819: Upgrade to 1.25.1 to Stop Auth Time SQL Execution

    PgBouncer has a serious authentication-path vulnerability—CVE-2025-12819—that can let an unauthenticated client execute arbitrary SQL during the authentication process by supplying a crafted search_path parameter in the StartupMessage; the bug affects PgBouncer releases prior to 1.25.1 and was...
Back
Top