Critical PgBouncer Vulnerability: CVE-2025-12819 Allows Unauthenticated SQL Execution

Overview

CVE-2025-12819 is a high-severity vulnerability affecting PgBouncer versions prior to 1.25.0. This flaw allows an unauthenticated attacker to execute arbitrary SQL commands during the authentication process. The vulnerability stems from an untrusted search path in the `auth_query` connection handler, which can be manipulated using a malicious `search_path` parameter within the StartupMessage. This can lead to complete database compromise.

Technical Details

The vulnerability lies in how PgBouncer handles the `search_path` parameter during the initial connection handshake. Specifically, when `auth_query` is configured, PgBouncer uses the client-provided `search_path` to locate and execute the authentication query. By crafting a malicious `search_path` that points to a user-controlled location, an attacker can inject arbitrary SQL code into the authentication process. This injected SQL code is then executed with the privileges of the PgBouncer user, potentially allowing the attacker to read, modify, or delete data within the database.

CVSS Analysis

  • CVE ID: CVE-2025-12819
  • Published: 2025-12-03T19:15:55.227
  • Severity: HIGH
  • CVSS Score: 7.5
  • CVSS Vector (assumed typical vector; adjust to the NIST entry once it is published): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

This CVSS score reflects the high impact of the vulnerability, allowing for remote unauthenticated SQL execution. The attack vector is network-based, requiring no user interaction and no prior privileges.

Possible Impact

Successful exploitation of CVE-2025-12819 can have devastating consequences:

  • Data Breach: An attacker can gain unauthorized access to sensitive data stored in the database.
  • Data Manipulation: An attacker can modify or delete critical data, leading to data corruption or loss.
  • Denial of Service: While the CVSS vector above reflects no availability impact, an attacker could potentially cause a denial of service by executing resource-intensive queries or by corrupting critical database components.
  • Privilege Escalation: An attacker might be able to escalate privileges within the database server, potentially gaining full control of the system.

Mitigation and Patch Steps

The primary mitigation is to upgrade to PgBouncer version 1.25.0 or later. This version contains a fix that properly sanitizes the `search_path` parameter, preventing the injection of malicious SQL code. Here’s how to mitigate:

  1. Upgrade PgBouncer: The most effective solution is to upgrade to PgBouncer version 1.25.0 or later. Follow the official PgBouncer upgrade instructions for your operating system.
  2. Review Authentication Queries: Even after upgrading, carefully review your `auth_query` configuration to ensure that the queries are secure and do not rely on user-provided input other than the username and password.
  3. Network Segmentation: Isolate the PgBouncer server from untrusted networks to reduce the attack surface.
  4. Monitor for Suspicious Activity: Implement monitoring and alerting to detect any unusual activity on the PgBouncer server, such as failed login attempts or unexpected database queries.
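As an added example (not code from the original post or from the PgBouncer project), the following Python decodes a PostgreSQL v3 StartupMessage, the handshake described under Technical Details, and flags any login that carries a `search_path` parameter, which is the kind of signal step 4 above would alert on. The sample packets are constructed inline; the extra check of the `options` parameter is an assumption about how clients can also pass settings and goes beyond what the post describes.

```python
import struct

# Protocol version 3.0 as encoded in a StartupMessage (major 3 << 16 | minor 0).
PROTOCOL_V3 = 196608


def parse_startup_message(packet: bytes) -> dict:
    """Decode a v3 StartupMessage: int32 length, int32 version, then NUL-terminated key/value pairs."""
    if len(packet) < 8:
        raise ValueError("packet too short for a StartupMessage header")
    length, version = struct.unpack("!II", packet[:8])
    if length != len(packet):
        raise ValueError(f"length field {length} does not match packet size {len(packet)}")
    if version != PROTOCOL_V3:
        raise ValueError(f"unexpected protocol version {version:#x}")
    body = packet[8:]
    if not body.endswith(b"\x00"):
        raise ValueError("missing final NUL terminator")
    # Drop the final terminator; the rest is "key\0value\0..." with a trailing empty piece after split.
    pieces = body[:-1].split(b"\x00")[:-1]
    if len(pieces) % 2:
        raise ValueError("odd number of key/value pieces")
    return {pieces[i].decode(): pieces[i + 1].decode() for i in range(0, len(pieces), 2)}


def flag_search_path(params: dict) -> list:
    """Return reasons this StartupMessage deserves an alert (empty list means nothing found)."""
    findings = []
    if "search_path" in params:
        findings.append(f"search_path sent as a startup parameter: {params['search_path']!r}")
    # Assumption: libpq-style clients can also pass settings through 'options' ("-c name=value").
    options = params.get("options", "")
    if "search_path" in options:
        findings.append(f"search_path passed via options: {options!r}")
    return findings


def build_startup_message(params: dict) -> bytes:
    """Encode a StartupMessage; used here only to construct the sample packets below."""
    body = b"".join(k.encode() + b"\x00" + v.encode() + b"\x00" for k, v in params.items()) + b"\x00"
    return struct.pack("!II", 8 + len(body), PROTOCOL_V3) + body


# Constructed samples: a normal login and one that sets search_path during the handshake.
BENIGN_PACKET = build_startup_message({"user": "app", "database": "app"})
SUSPICIOUS_PACKET = build_startup_message(
    {"user": "app", "database": "app", "search_path": "untrusted_schema, public"}
)

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN_PACKET), ("suspicious", SUSPICIOUS_PACKET)):
        print(name, flag_search_path(parse_startup_message(pkt)) or ["no findings"])
```

Feed it the first client payload of each connection extracted from a capture in front of PgBouncer; any non-empty finding on a pre-1.25.0 deployment is worth an alert.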

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
