You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 12819
About this tag
CVE-2025-12819 is a critical authentication-path vulnerability in PgBouncer, the lightweight connection pooler for PostgreSQL. The flaw allows an unauthenticated client to execute arbitrary SQL during the authentication process by supplying a crafted search_path parameter in the StartupMessage. This affects PgBouncer releases prior to version 1.25.1. The fix was released in PgBouncer 1.25.1 on December 3, 2025. Administrators running PgBouncer as a proxy between clients and PostgreSQL databases should upgrade immediately to prevent potential exploitation. The vulnerability underscores the importance of keeping connection poolers updated to maintain database security.
PgBouncer has a serious authentication-path vulnerability—CVE-2025-12819—that can let an unauthenticated client execute arbitrary SQL during the authentication process by supplying a crafted search_path parameter in the StartupMessage; the bug affects PgBouncer releases prior to 1.25.1 and was...