Security Advisory

CVE-2025-12819

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 19:00:09
Last updated 2025-12-27 16:04:17
Assigner PostgreSQL
State PUBLISHED

Description

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.