CVE-2025-12819 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authenticat…
High CVSS: 7.5

CVE-2025-12819

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
Vendor
Pgbouncer
Product
Pgbouncer
CWE
CWE-426
Yayın Tarihi
2025-12-03 19:15:55
Güncelleme
2025-12-27 16:15:51
Source Identifier
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
KEV Date Added
-

Kategoriler

CWE-426 Pgbouncer HIGH Pgbouncer 2025

Referanslar

https://www.pgbouncer.org/changelog.html#pgbouncer-125x https://lists.debian.org/debian-lts-announce/2025/12/msg00033.html