CVE-2025-12819
PUBLISHED
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
Risk Scores
EPSS Score: 0.19% · 40.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | pgbouncer | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-12819 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/12/msg00033.html (circl)
- https://www.pgbouncer.org/changelog.html#pgbouncer-125x (circl)
- seen_cves.json (github-poc)
…and 2 more exploits
Timeline
- Dec 3, 2025 CVE Published
- Dec 4, 2025 EPSS Score
- Dec 4, 2025 PoC Published
- Dec 4, 2025 PoC Published
- Dec 7, 2025 PoC Published
- Dec 8, 2025 EPSS Score
- Dec 8, 2025 PoC Published
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score