VYPR
Unrated severityNVD Advisory· Published Apr 16, 2025· Updated Nov 3, 2025

PgBouncer default auth_query does not take Postgres password expiry into account

CVE-2025-2291

Description

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.