
CVE-2025-2291
Good to know:

Date: April 16, 2025
A password can be used past its expiry in PgBouncer because auth_query does not take Postgres's VALID UNTIL value into account, which allows an attacker to log in with an already expired password.
Severity Score
Weakness Type (CWE)
Use of a Key Past its Expiration Date
CWE-324
Top Fix

Upgrade Version
Upgrade to version https://github.com/pgbouncer/pgbouncer.git - pgbouncer_1_24_1
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |