Security Advisory

CVE-2025-2291

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-16 18:00:05

Last updated 2025-11-03 19:42:15

Assigner PostgreSQL

State PUBLISHED

Description

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

← Browse all CVEs View on cve.org ↗