Debian 11: PgBouncer Moderate SQL Injection Risk DLA-4422-1 CVE-2025-12819

Debian 11: PgBouncer Moderate SQL Injection Risk DLA-4422-1 CVE-2025-12819

Uncategorized
Yanac

PgBouncer is a lightweight connection pooler for PostgreSQL. CVE-2025-12819 Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.LinuxSecurity – Security AdvisoriesRead More