Key Information

Vulnerability Overview
Vulnerability ID: JVN#06238225
Vulnerability Type: Authentication Bypass (via primary weakness)
Affected Product: Pgpool-II

Affected Versions
- 4.6.0
- 4.5.0 to 4.5.6
- 4.4.0 to 4.4.11
- 4.3.0 to 4.3.14
- 4.2.0 to 4.2.21
- All versions in the 4.1 series
- All versions in the 4.0 series

Impact Conditions
Pattern 1:
- Password authentication method is configured
-
- User password is not set in
- or authentication method is configured in

Pattern 2:
-
- One of , , or authentication methods is configured in

Pattern 3:
- Pgpool-II is running in raw mode ( )
- authentication method is configured in
-
- User password is stored in plain text or AES format in
- One of , , or authentication methods is configured in

Description
CVE ID: CVE-2025-46801
CVSS Score:
- CVSS 4.0: 9.3
- CVSS 3.0: 9.8

Impact
Attackers may log in as any user, read or modify database data, and even disable the database.

Solution
Upgrade to the following versions:
- Pgpool-II 4.6.1
- Pgpool-II 4.5.7
- Pgpool-II 4.4.12
- Pgpool-II 4.3.15
- Pgpool-II 4.2.22

Vendor Status
Vendor: Pgpool-II Global Development Group
Status: Vulnerable
Last Updated: 2025/05/15

Additional Information
CVE: CVE-2025-46801
JVN iPedia: JVNDB-2025-000031
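To triage an inventory against the affected and fixed versions listed in this advisory, a version check such as the following can be used. This is an added example, not code from the advisory or from the Pgpool-II project; the hostnames, the version banner format and the function names are assumptions. A version match only shows that the release is in an affected range, and whether an instance is exposed still depends on the impact conditions.

```python
import re

# Fixed patch release per series, from the advisory's Solution list.
FIXED_PATCH = {(4, 6): 1, (4, 5): 7, (4, 4): 12, (4, 3): 15, (4, 2): 22}
# Series listed as affected in all versions, with no fixed release given.
ALL_AFFECTED = {(4, 1), (4, 0)}


def parse_version(text):
    """Extract (major, minor, patch) from a bare version or a version banner."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(text):
    """Return (status, upgrade_target) for one reported version string."""
    major, minor, patch = parse_version(text)
    series = (major, minor)
    if series in ALL_AFFECTED:
        return ("affected", None)  # advisory lists no fixed release here
    if series in FIXED_PATCH:
        fixed = FIXED_PATCH[series]
        if patch < fixed:
            return ("affected", f"{major}.{minor}.{fixed}")
        return ("fixed", None)
    return ("not-listed", None)  # advisory makes no statement on this series


def triage_fleet(inventory):
    """Map each host to its triage result; unparsable entries are flagged."""
    report = {}
    for host, banner in inventory.items():
        try:
            report[host] = triage(banner)
        except ValueError:
            report[host] = ("unparsed", None)
    return report


# Constructed sample inventory (hostnames and banner format are assumptions).
SAMPLE = {
    "pool-a": "pgpool-II version 4.5.6 (codename)",
    "pool-b": "4.4.12",
    "pool-c": "pgpool-II version 4.1.20 (codename)",
    "pool-d": "unknown",
}

if __name__ == "__main__":
    for host, (status, target) in triage_fleet(SAMPLE).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```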