CVE-2025-46801
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PgPool Global Development Group | Pgpool-II | 4.6.0 | affected |
| PgPool Global Development Group | Pgpool-II | 4.5.0 to 4.5.6 | affected |
| PgPool Global Development Group | Pgpool-II | 4.4.0 to 4.4.11 | affected |
| PgPool Global Development Group | Pgpool-II | 4.3.0 to 4.3.14 | affected |
| PgPool Global Development Group | Pgpool-II | 4.2.0 to 4.2.21 | affected |
| PgPool Global Development Group | Pgpool-II | All versions of 4.1 series | affected |
| PgPool Global Development Group | Pgpool-II | All versions of 4.0 series | affected |
Weaknesses
- CWE-305: Authentication bypass by primary weakness
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.