Pgbouncer: >> Pgbouncer >> 1.24.1 Security Vulnerabilities
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-12-03