CVE-2025-22248

13.05.2025, 10:15

The bitnami/pgpoolDocker image, and the bitnami/postgres-hak8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster.The PGPOOL_SR_CHECK_USERis the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trustlevel. This allows to log into a PostgreSQL database using the repgmruser without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-haKubernetes Helm chart.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
vmware	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Common Weakness Enumeration

CWE-1188 - Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References

https://github.com/bitnami/charts/security/advisories/GHSA-mx38-x658-5fwj