CVE-2025-22248
HIGHDescription
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
Is your site exposed to CVE-2025-22248?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| broadcom | bitnami |
| broadcom | bitnami\/pgpool |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-22248? +
How severe is CVE-2025-22248? +
What products are affected by CVE-2025-22248? +
How do I check if I'm vulnerable to CVE-2025-22248? +
Related Vulnerabilities
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel …
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific …
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default …
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by …
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests …