Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
CVE ID: CVE-2025-46801
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor: PgPool Global Development Group
Product: Pgpool-II
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 26.63% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)