
CVE-2025-2291

Good to know:

Date: April 16, 2025

A password can be used past its expiry in PgBouncer because auth_query does not take PostgreSQL's VALID UNTIL value into account, which allows an attacker to log in with an already expired password.

Severity Score

Weakness Type (CWE)

Use of a Key Past its Expiration Date

CWE-324

Top Fix

Upgrade Version

Upgrade to version pgbouncer_1_24_1 (https://github.com/pgbouncer/pgbouncer.git)

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
