CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...

PgBouncer 安全漏洞

PgBouncer is an open source lightweight connection pool for PostgreSql from the PgBouncer community. A security vulnerability exists in PgBouncer versions prior to 1.25.1, which stems from an untrusted search path in the authquery connection handler, and could allow an unauthorized attacker to...

FreeBSD : pgbouncer -- failed auth_query lookup leads to connection as auth_user (d76961da-56f6-11e5-934b-002590263bf5)

PgBouncer reports : New authuser functionality introduced in 1.6 allows login as authuser when client presents unknown username. It's quite likely authuser is superuser. Affects only setups that have enabled authuser in their config. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

pgbouncer -- failed auth_query lookup leads to connection as auth_user

PgBouncer reports: New authuser functionality introduced in 1.6 allows login as authuser when client presents unknown username. It's quite likely authuser is superuser. Affects only setups that have enabled authuser in their config...