Home

Description

Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.

PUBLISHED Reserved 2025-04-30 | Published 2025-05-19 | Updated 2025-11-03 | Assigner jpcert




CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Authentication bypass by primary weakness

Product status

4.6.0
affected

4.5.0 to 4.5.6
affected

4.4.0 to 4.4.11
affected

4.3.0 to 4.3.14
affected

4.2.0 to 4.2.21
affected

All versions of 4.1 series
affected

All versions of 4.0 series
affected

References

lists.debian.org/debian-lts-announce/2025/10/msg00014.html

www.pgpool.net/mediawiki/index.php/Main_Page

jvn.jp/en/jp/JVN06238225/

cve.org (CVE-2025-46801)

nvd.nist.gov (CVE-2025-46801)

Download JSON