CVE-2025-46801

Summary

Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.

Affected Software

VendorProductVersion RangeStatus
PgPool Global Development GroupPgpool-II4.6.0affected
PgPool Global Development GroupPgpool-II4.5.0 to 4.5.6affected
PgPool Global Development GroupPgpool-II4.4.0 to 4.4.11affected
PgPool Global Development GroupPgpool-II4.3.0 to 4.3.14affected
PgPool Global Development GroupPgpool-II4.2.0 to 4.2.21affected
PgPool Global Development GroupPgpool-IIAll versions of 4.1 seriesaffected
PgPool Global Development GroupPgpool-IIAll versions of 4.0 seriesaffected

Weaknesses

  • CWE-305: Authentication bypass by primary weakness

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References