The following vulnerability was published for pgbouncer.
CVE-2025-2291[0]:
| Password can be used past expiry in PgBouncer due to auth_query not
| taking into account Postgres its VALID UNTIL value, which allows an
| attacker to log in with an already expired password
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.