UBUNTU-CVE-2025-46801
- Source
- https://ubuntu.com/security/CVE-2025-46801
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46801.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-46801
- Upstream
- Published
- 2025-05-19T08:15:00Z
- Modified
- 2025-07-14T04:37:25Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
- References
-
- https://ubuntu.com/security/CVE-2025-46801
- https://www.cve.org/CVERecord?id=CVE-2025-46801
- https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.6.1.2C_4.5.7.2C_4.4.12.2C_4.3.15_and_4.2.22_officially_released_.282025.2F05.2F15.29_2
- https://jvn.jp/en/jp/JVN06238225/
- https://www.pgpool.net/mediawiki/index.php/Main_Page#News
Affected packages
Ubuntu:Pro:16.04:LTS / pgpool2
Package
- Name
- pgpool2
- Purl
- pkg:deb/ubuntu/pgpool2@3.4.3-1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:20.04:LTS / pgpool2
Package
- Name
- pgpool2
- Purl
- pkg:deb/ubuntu/pgpool2@4.1.1-1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / pgpool2
Package
- Name
- pgpool2
- Purl
- pkg:deb/ubuntu/pgpool2@4.1.4-6build1?arch=source&distro=jammy
Ubuntu:24.04:LTS / pgpool2
Package
- Name
- pgpool2
- Purl
- pkg:deb/ubuntu/pgpool2@4.3.7-1ubuntu4?arch=source&distro=noble