How severe is CVE-2025-22248?

This vulnerability has a severity rating of CRITICAL with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-22248?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2025-22248

CRITICAL Year: 2025

Weakness Type

CWE-1188

View all →

Vulnerability Description

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.

CVE-2017-7964

CRITICAL

CVSS:10.0(Critical)

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in ...

CWE-11882017

CVE-2024-2912

CRITICAL

CVSS:10.0(Critical)

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers...

CWE-11882024

CVE-2014-0234

CRITICAL

CVSS:9.8(Critical)

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing th...

CWE-11882014

CVE-2017-12739

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected d...

CWE-11882017

CVE-2017-5178

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is instal...

CWE-11882017

CVE-2017-8021

CRITICAL

CVSS:9.8(Critical)

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

CWE-11882017

CVE-2025-22248

Vulnerability Description

Related Vulnerabilities

CVE-2017-7964

CVE-2024-2912

CVE-2014-0234

CVE-2017-12739

CVE-2017-5178

CVE-2017-8021