CVE-2025-22248

9.4

Critical

Published:13 May 2025

Last updated:17 Jun 2026

Source:security@vmware.com

Analyzed

Weakness (CWE)

CWE-1188CWE-1188

CVSS Vector

v4.0

Attack Vector: Adjacent
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.

References

security@vmware.com

https://github.com/bitnami/charts/security/advisories/GHSA-mx38-x658-5fwj