AZL-71438

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71438.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-71438

Upstream

CVE-2025-12819

Published

2025-12-03T19:15:55Z

Modified

2026-04-21T04:36:35.319437Z

Summary

CVE-2025-12819 affecting package pgbouncer for versions less than 1.25.1-1

Details

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-12819

Affected packages

Azure Linux:2 / pgbouncer

Package

Name: pgbouncer
Purl: pkg:rpm/azure-linux/pgbouncer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71438.json"