CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
PostgreSQLCNA
8.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
pgbouncer
bullseye
vulnerable
bookworm
no-dsa
bullseye (security)
1.15.0-1+deb11u1
fixed
trixie
1.24.1-1
fixed
sid
1.24.1-1
fixed
Common Weakness Enumeration
References
https://www.pgbouncer.org/changelog.html#pgbouncer-124x