Vulnerabilities

CVE-2025-2291

by Fred · 16/04/2025

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

More information : https://www.pgbouncer.org/changelog.html#pgbouncer-124x

Similar

Tags: Cybersecurity Alert