CVE-2025-46801

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-46801
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46801.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-46801
Downstream
Published
2025-05-19T08:15:21Z
Modified
2025-07-01T16:32:29.694766Z
Summary
[none]
Details

Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.

References

Affected packages

Debian:11 / pgpool2

Package

Name
pgpool2
Purl
pkg:deb/debian/pgpool2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.4-3
4.1.4-3+deb11u1
4.1.4-4
4.1.4-5
4.1.4-6
4.3.1-1
4.3.2-1
4.3.3-1
4.3.3-2
4.3.3-3
4.3.5-1
4.3.5-2
4.3.5-3
4.3.7-1
4.3.7-1.1~exp1
4.3.7-2
4.5.2-1
4.5.4-1
4.5.4-2
4.5.4-3
4.5.5-1
4.6.0-1
4.6.0-2
4.6.1-1
4.6.1-2
4.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pgpool2

Package

Name
pgpool2
Purl
pkg:deb/debian/pgpool2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.5-1
4.3.5-2
4.3.5-3
4.3.7-1
4.3.7-1.1~exp1
4.3.7-2
4.5.2-1
4.5.4-1
4.5.4-2
4.5.4-3
4.5.5-1
4.6.0-1
4.6.0-2
4.6.1-1
4.6.1-2
4.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pgpool2

Package

Name
pgpool2
Purl
pkg:deb/debian/pgpool2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.1-1

Affected versions

4.*

4.3.5-1
4.3.5-2
4.3.5-3
4.3.7-1
4.3.7-1.1~exp1
4.3.7-2
4.5.2-1
4.5.4-1
4.5.4-2
4.5.4-3
4.5.5-1
4.6.0-1
4.6.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}