CVE-2025-2291 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
PostgreSQL	CNA	8.1 HIGH				CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

pgbouncer

bullseye	vulnerable
bullseye (security)	1.15.0-1+deb11u1 fixed
bookworm	vulnerable
sid	1.24.1-1 fixed
trixie	1.24.1-1 fixed

Common Weakness Enumeration

CWE-324 - Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Vulnerability Media Exposure

[GERMAN] PgBouncer: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PgBouncer ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Published: 2025-04-16T22:00:00+00:00

References

https://www.pgbouncer.org/changelog.html#pgbouncer-124x