{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46801", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-04-30T08:26:53.970Z", "datePublished": "2025-05-19T07:14:45.304Z", "dateUpdated": "2025-11-03T17:44:50.344Z"}, "containers": {"cna": {"affected": [{"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "4.6.0", "status": "affected"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "4.5.0 to 4.5.6", "status": "affected"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "4.4.0 to 4.4.11", "status": "affected"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "4.3.0 to 4.3.14", "status": "affected"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "4.2.0 to 4.2.21", "status": "affected"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "All versions of 4.1 series", "status": "affected"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"version": "All versions of 4.0 series", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database."}], "problemTypes": [{"descriptions": [{"description": "Authentication bypass by primary weakness", "lang": "en-US", "cweId": "CWE-305", "type": "CWE"}]}], "references": [{"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"}, {"url": "https://jvn.jp/en/jp/JVN06238225/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-05-19T07:14:45.304Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T16:02:35.673653Z", "id": "CVE-2025-46801", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T16:02:56.831Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00014.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:44:50.344Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00014.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:44:50.344Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-19T16:02:35.673653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T16:02:50.683Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "4.6.0"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "4.5.0 to 4.5.6"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "4.4.0 to 4.4.11"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "4.3.0 to 4.3.14"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "4.2.0 to 4.2.21"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "All versions of 4.1 series"}]}, {"vendor": "PgPool Global Development Group", "product": "Pgpool-II", "versions": [{"status": "affected", "version": "All versions of 4.0 series"}]}], "references": [{"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"}, {"url": "https://jvn.jp/en/jp/JVN06238225/"}], "descriptions": [{"lang": "en", "value": "Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-305", "description": "Authentication bypass by primary weakness"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-05-19T07:14:45.304Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46801", "state": "PUBLISHED", "dateUpdated": "2025-11-03T17:44:50.344Z", "dateReserved": "2025-04-30T08:26:53.970Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-05-19T07:14:45.304Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database."}, {"lang": "es", "value": "Pgpool-II proporcionado por PgPool Global Development Group contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n por debilidad primaria. Si se explota la vulnerabilidad, un atacante puede iniciar sesi\u00f3n en el sistema como un usuario arbitrario, lo que le permite leer o manipular datos en la base de datos y/o deshabilitar la base de datos."}], "id": "CVE-2025-46801", "lastModified": "2025-11-03T18:16:54.083", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-05-19T08:15:21.840", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN06238225/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00014.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}

{}

{}