CVE-2025-2291

Published: 2025-04-16T18:16:04.977

Last Modified: 2025-04-16T18:16:04.977

Source: MITRE CVE List

License: MITRE-CVE-TOS

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password > MITRE Terms of Use apply – see LICENSE‑MITRE.txt