CNNVD-202512-357 Information

CNNVD ID

CNNVD-202512-357

CVE-2025-12819

  • CNNVD Published: 2025-12-03

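Description (translated from Chinese)

PgBouncer is an open-source, lightweight connection pooler for PostgreSQL, maintained by the PgBouncer community. Versions of PgBouncer before 1.25.1 contain a security vulnerability. The vulnerability stems from an untrusted search path in the auth_query connection handler and may allow an unauthorized attacker to execute arbitrary SQL during authentication.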

Description (English)

PgBouncer is an open-source lightweight connection pooler for PostgreSQL from the PgBouncer community. PgBouncer versions before 1.25.1 have a security vulnerability caused by an untrusted search path in the auth_query connection handler, which could allow an unauthorized attacker to execute arbitrary SQL during authentication.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

PgBouncer

Published

2025-12-03

Last Modified

2026-02-24

References

  • https://www.pgbouncer.org/changelog.html#pgbouncer-125x
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12819

Patch

https://www.pgbouncer.org/changelog.html#pgbouncer-125x
