CVE-2025-2291 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with…
High CVSS: 8.1

CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password
Vendor
Pgbouncer
Product
Pgbouncer
CWE
CWE-324
Yayın Tarihi
2025-04-16 18:16:04
Güncelleme
2025-12-08 18:32:49
Source Identifier
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
KEV Date Added
-

Kategoriler

CWE-324 Pgbouncer HIGH Pgbouncer 2025

Referanslar

https://www.pgbouncer.org/changelog.html#pgbouncer-124x https://lists.debian.org/debian-lts-announce/2025/05/msg00032.html