ALT-PU-2025-15388-1
Package pgbouncer updated to version 1.25.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2025-12-03
Modified: 2025-12-27
Modified: 2025-12-27
CVE-2025-12819
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References: