CVE-2025-12819

Summary

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

Affected Software

VendorProductVersion RangeStatus
n/aPgBouncer0 < 1.25.1affected

Weaknesses

  • CWE-426: Untrusted Search Path

Workarounds

Remove search_path and any other security sensitive parameters from track_extra_parameters ensure auth_query uses fully-qualified object and operator names (e.g., pg_catalog.current_user instead of current_user)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References