Skip to main content

Ubuntu CVE-2025-12819

| EUVDEUVD-2025-201089 HIGH
Untrusted Search Path (CWE-426)
2025-12-03 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 16:14 euvd
EUVD-2025-201089
Analysis Generated
Mar 15, 2026 - 16:14 vuln.today
CVE Published
Dec 03, 2025 - 19:15 nvd
HIGH 7.5

DescriptionCVE.org

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

Analysis

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

Technical ContextAI

This vulnerability is classified as Untrusted Search Path (CWE-426).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2015-4054 HIGH POC
7.5 May 23

PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by send

CVE-2021-3672 MEDIUM POC
5.6 Nov 23

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Se

CVE-2015-6817 HIGH
8.1 May 23

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user

CVE-2025-2291 HIGH
8.1 Apr 16

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value,

CVE-2026-6665 HIGH
8.1 May 09

Stack overflow in PgBouncer before 1.25.2 enables malicious PostgreSQL backend servers to trigger remote code execution

CVE-2021-3935 HIGH
8.1 Nov 22

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries

CVE-2026-6664 HIGH
7.5 May 09

Remote denial-of-service in PgBouncer versions before 1.25.2 allows unauthenticated attackers to crash the connection po

CVE-2026-6666 MEDIUM
5.9 May 09

PgBouncer before version 1.25.2 crashes when a backend PostgreSQL server sends an error response lacking an SQLSTATE fie

CVE-2012-4575 MEDIUM
5.0 Nov 18

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a d

CVE-2026-6667 MEDIUM
4.3 May 09

PgBouncer before version 1.25.2 fails to properly restrict the KILL_CLIENT admin command to authorized users, allowing a

Vendor StatusVendor

Ubuntu

Priority: Medium
pgbouncer
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream released 1.25.1-1
plucky ignored end of life, was needs-triage

Debian

pgbouncer
Release Status Fixed Version Urgency
bullseye fixed 1.15.0-1+deb11u2 -
bullseye (security) fixed 1.15.0-1+deb11u2 -
bookworm fixed 1.18.0-1+deb12u1 -
trixie fixed 1.24.1-1+deb13u1 -
forky, sid fixed 1.25.1-1 -
(unstable) fixed 1.25.1-1 -

Share

CVE-2025-12819 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy