CVE-2025-46801 CRITICAL

CVE-2025-46801

Vendor Pgpool Global Development Group
Product Pgpool-II
Weakness CWE-305
Published May 19, 2025
Last update November 3, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.

Key dates

02Disclosure timeline

May 19, 2025 CVE published
November 3, 2025 Record updated