Unrated severity · NVD Advisory · Published Dec 3, 2025 · Updated Dec 27, 2025
Untrusted search path in auth_query connection in PgBouncer
CVE-2025-12819
Description
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
Affected products
9 affected products; osv-coords lists 7 package versions (no CPE for any):
- pkg:apk/chainguard/pgbouncer, range: < 1.25.1-r0
- pkg:apk/chainguard/pgbouncer-doc, range: < 1.25.1-r0
- pkg:apk/chainguard/pgbouncer-iamguarded-compat, range: < 1.25.1-r0
- pkg:apk/wolfi/pgbouncer, range: < 1.25.1-r0
- pkg:apk/wolfi/pgbouncer-doc, range: < 1.25.1-r0
- pkg:apk/wolfi/pgbouncer-iamguarded-compat, range: < 1.25.1-r0
- pkg:bitnami/pgbouncer, range: < 1.25.1