PT-2025-16876 · Pgbouncer+4

Published 2025-04-15 · Updated 2025-06-19 · CVE-2025-2291

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PgBouncer versions prior to 1.24.1

Description
PgBouncer's auth_query (the query it runs against PostgreSQL to fetch a user's password hash when the user is not listed in its auth_file) did not take the role's VALID UNTIL attribute into account. PostgreSQL itself refuses a password once that timestamp has passed, but PgBouncer still accepted it, so a client could authenticate through PgBouncer with an already expired password. Only deployments that use auth_query are affected; with auth_file alone there is no VALID UNTIL to consult.

Recommendations
For versions prior to 1.24.1, update to version 1.24.1, which resolves the issue. Until the update is applied, restrict what the auth query can return: point auth_query at a lookup that excludes roles whose VALID UNTIL has passed, so PgBouncer never receives a password hash for an expired account, and keep that lookup callable only by the auth_user role. Note that this workaround does not replace the upgrade.
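The following is an added example of that workaround, written here for this advisory; it is not code from the advisory or from the PgBouncer project. It assumes a PostgreSQL role named pgbouncer is configured as auth_user, and the schema and function name pgbouncer.user_lookup are chosen for illustration. The weak pattern shown in the leading comment is the common pg_shadow lookup that returns a hash regardless of expiry; the function below returns no row for an expired role, which PgBouncer treats as an unknown user.

```sql
-- Added example (not from the advisory or the PgBouncer project).
-- Assumptions: auth_user = pgbouncer; schema/function name pgbouncer.user_lookup.

-- Weak pattern, shown for contrast: a bare pg_shadow lookup such as
--   auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
-- hands PgBouncer the hash even when the role's VALID UNTIL has passed.

CREATE SCHEMA IF NOT EXISTS pgbouncer;

-- Returns zero rows for an unknown OR expired role, so PgBouncer rejects the login
-- instead of comparing against a hash PostgreSQL itself would no longer accept.
CREATE OR REPLACE FUNCTION pgbouncer.user_lookup(i_username text)
RETURNS TABLE (uname text, phash text)
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT usename::text, passwd::text
      FROM pg_catalog.pg_shadow
     WHERE usename = i_username
       -- valuntil is NULL when VALID UNTIL was never set and 'infinity' when set
       -- to never expire; both pass. A timestamp in the past matches no row.
       AND (valuntil IS NULL OR valuntil > now());
$$;

-- Only the role PgBouncer connects as should be able to call the lookup.
REVOKE ALL ON FUNCTION pgbouncer.user_lookup(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgbouncer.user_lookup(text) TO pgbouncer;

-- pgbouncer.ini (assumed values):
--   auth_user  = pgbouncer
--   auth_query = SELECT uname, phash FROM pgbouncer.user_lookup($1)

-- Post-deployment check: expire a test role and confirm the lookup is empty.
--   ALTER ROLE testuser VALID UNTIL '2000-01-01';
--   SELECT * FROM pgbouncer.user_lookup('testuser');   -- expect zero rows
--   ALTER ROLE testuser VALID UNTIL 'infinity';
--   SELECT * FROM pgbouncer.user_lookup('testuser');   -- expect one row
```

The function must be created in the database that PgBouncer's auth_user connects to for the lookup, and the role executing CREATE FUNCTION needs read access to pg_shadow (normally a superuser), which is why SECURITY DEFINER is used rather than granting the pgbouncer role that access directly. Pinning search_path prevents a malicious object in another schema from being resolved inside the definer-privileged function.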

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2025-6604
ALT-PU-2025-6618
ALT-PU-2025-6834
AZL-60437
AZL-60438
BDU:2025-07307
BIT-PGBOUNCER-2025-2291
CVE-2025-2291
DLA-4180-1

Affected Products

ALT Linux
Astra Linux
Debian
PgBouncer
RED OS