Vulnetix
Try Vulnetix Request Demo
CVE-2025-12819 PUBLISHED

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

EPSS 0.16% · 36.6th percentile

Risk Scores

EPSS Score
0.16%
36.6th percentile

Affected Products

VendorProductVersions
Bitnamipgbouncer0
Bitnamipgbouncer0

Timeline

References

Open in Interactive Console →