CVE-2025-22248: Vulnerability in VMware Bitnami
The bitnami/pgpool Docker image and the bitnami/postgres-ha Kubernetes chart, under default configurations, come with a 'repmgr' user that allows unauthenticated access to the database inside the cluster. PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and it should not be at trust level. This allows logging into a PostgreSQL database as the repmgr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to gain access to the service. This is also present in the bitnami/postgres-ha Kubernetes Helm chart.
AI Analysis
Technical Summary
CVE-2025-22248 is a critical vulnerability affecting VMware's Bitnami PostgreSQL-related containerized deployments, specifically the bitnami/pgpool Docker image and the bitnami/postgres-ha Kubernetes Helm chart. Under default configurations, these deployments include a 'repmgr' user account that allows unauthenticated access to the PostgreSQL database cluster. The vulnerability arises because the PGPOOL_SR_CHECK_USER, which Pgpool uses internally to perform streaming replication health checks, is configured with a trust authentication level rather than requiring credentials. This misconfiguration enables an attacker to log into the PostgreSQL database cluster using the repmgr user without any authentication. If the Pgpool service is exposed externally, an attacker can exploit this to gain unauthorized access to the database, potentially leading to full compromise of the database cluster. The vulnerability is classified under CWE-1188, which relates to improper authentication mechanisms. The CVSS 4.0 score is 9.4 (critical), reflecting high impact on confidentiality, integrity, and availability, with no authentication or user interaction required, and exploitation possible over an adjacent network. Although no known exploits are currently reported in the wild, the severity and ease of exploitation make this a significant threat to any organization using these Bitnami PostgreSQL container images or Helm charts in default configurations. The vulnerability affects all versions of the affected products, emphasizing the need for immediate remediation.
Potential Impact
For European organizations, this vulnerability poses a severe risk, especially for those relying on containerized PostgreSQL deployments using Bitnami's pgpool and postgres-ha charts. Unauthorized access to the database cluster can lead to data breaches involving sensitive personal data protected under GDPR, resulting in regulatory penalties and reputational damage. The integrity of critical business data could be compromised, enabling attackers to alter or delete data, disrupt services, or use the database as a pivot point for further network intrusion. Availability impacts could arise if attackers disrupt replication or database operations, affecting business continuity. Organizations in sectors such as finance, healthcare, telecommunications, and government, which often deploy Kubernetes and containerized databases for scalability and resilience, are particularly at risk. Exposing Pgpool externally increases the attack surface, and given the default configuration issue, many deployments may be vulnerable without explicit hardening. The critical severity and ease of exploitation mean that attackers do not require credentials or user interaction, increasing the likelihood of exploitation if the service is exposed.
Mitigation Recommendations
European organizations should immediately audit their Kubernetes clusters and Docker deployments using Bitnami's pgpool and postgres-ha images to determine if they are running default configurations exposing the repmgr user without authentication. Specific mitigation steps include:
1) Restrict external exposure of Pgpool services by enforcing network policies, firewall rules, or ingress controls to limit access only to trusted internal networks or VPNs.
2) Modify the Pgpool configuration to require proper authentication for the PGPOOL_SR_CHECK_USER and repmgr accounts, replacing trust authentication with password or certificate-based authentication.
3) Rotate or disable the repmgr user if it is not required for operational purposes.
4) Update to patched versions once VMware/Bitnami releases them; until then, apply configuration hardening as a temporary measure.
5) Monitor logs and network traffic for unauthorized access attempts to the database cluster.
6) Employ Kubernetes security best practices such as Role-Based Access Control (RBAC) and Pod Security Policies to limit container privileges.
7) Conduct penetration testing and vulnerability scanning focused on database access controls.
These targeted actions go beyond generic advice by focusing on the specific misconfiguration and exposure vectors identified in this vulnerability.
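The condition described in the technical summary and targeted by mitigation step 2 is a host-based authentication rule that grants the replication-check user the `trust` method. The following audit script is an added example for this advisory, not Bitnami's or Pgpool's own code: it parses pg_hba.conf / pool_hba.conf-style rules, reports every rule that lets the check user in without credentials, and rewrites only those rules to `scram-sha-256`, leaving the rest of the file untouched. It assumes the check user (PGPOOL_SR_CHECK_USER) is `repmgr`, as the advisory states for the default configuration; both sample rule files are constructed.

```python
"""Audit pg_hba.conf / pool_hba.conf-style rules for 'trust' authentication.

Added example for this advisory; it is not Bitnami's or Pgpool's own code.
Assumption: the Pgpool streaming-replication check user (PGPOOL_SR_CHECK_USER)
is 'repmgr', as the advisory describes for the default configuration.
Both sample rule files below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: an hba file in the shape the advisory describes,
# with the replication-check user allowed in without any credentials.
WEAK_HBA = """\
# TYPE  DATABASE  USER    ADDRESS      METHOD
local   all       all                  trust
host    all       repmgr  0.0.0.0/0    trust
host    all       all     0.0.0.0/0    md5
"""

# Constructed sample: the same file with every trust rule replaced by password
# authentication and the replication user limited to a cluster-internal CIDR.
HARDENED_HBA = """\
# TYPE  DATABASE  USER    ADDRESS      METHOD
local   all       all                  scram-sha-256
host    all       repmgr  10.0.0.0/8   scram-sha-256
host    all       all     0.0.0.0/0    scram-sha-256
"""


@dataclass(frozen=True)
class HbaRule:
    line_no: int
    conn_type: str
    database: str
    user: str
    address: str | None  # None for 'local' (Unix-socket) rules
    method: str


def parse_hba_line(raw: str, line_no: int) -> HbaRule | None:
    """Parse one rule; return None for blank or comment-only lines.

    Handles the three hba row shapes: 'local db user method',
    'host db user CIDR method' and 'host db user addr netmask method'.
    Trailing auth options (e.g. clientcert=...) are ignored.
    """
    code = raw.split("#", 1)[0].strip()
    if not code:
        return None
    f = code.split()
    if f[0] == "local":
        if len(f) < 4:
            raise ValueError(f"line {line_no}: malformed local rule: {raw!r}")
        return HbaRule(line_no, f[0], f[1], f[2], None, f[3])
    if len(f) < 5:
        raise ValueError(f"line {line_no}: malformed host rule: {raw!r}")
    # A netmask column is numeric; an auth method never starts with a digit.
    if len(f) >= 6 and f[4][0].isdigit():
        return HbaRule(line_no, f[0], f[1], f[2], f"{f[3]} {f[4]}", f[5])
    return HbaRule(line_no, f[0], f[1], f[2], f[3], f[4])


def parse_hba(text: str) -> list[HbaRule]:
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        rule = parse_hba_line(raw, n)
        if rule is not None:
            rules.append(rule)
    return rules


def rule_covers_user(rule: HbaRule, user: str) -> bool:
    """The USER column may be 'all', a comma list or '+group'; both 'all'
    and an explicit listing cover the replication-check user."""
    names = rule.user.split(",")
    return "all" in names or user in names


def find_trust_rules(text: str, sr_check_user: str = "repmgr") -> list[HbaRule]:
    """Rules that let the replication-check user connect with 'trust'
    (no credentials), which is the condition CVE-2025-22248 describes."""
    return [r for r in parse_hba(text)
            if r.method == "trust" and rule_covers_user(r, sr_check_user)]


def harden_text(text: str, sr_check_user: str = "repmgr",
                method: str = "scram-sha-256") -> str:
    """Rewrite only the offending rules to a password method; every other
    line (comments, unrelated rules) is kept byte-for-byte."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        rule = parse_hba_line(raw, n)
        if rule and rule.method == "trust" and rule_covers_user(rule, sr_check_user):
            code, sep, comment = raw.partition("#")
            # 'trust' takes no options, so it is the last token of the code part.
            idx = code.rfind("trust")
            code = code[:idx] + method + code[idx + len("trust"):]
            raw = code + sep + comment
        out.append(raw)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    for r in find_trust_rules(WEAK_HBA):
        print(f"line {r.line_no}: {r.conn_type} {r.database} {r.user} "
              f"{r.address or '-'} {r.method}  <- trust for replication user")
    print("hardened:\n" + harden_text(WEAK_HBA))
```

Note that a `local ... all ... trust` row is flagged as well: `all` covers `repmgr`, so the socket rule is just as much a credential-free login for the check user as the explicit `host ... repmgr ... trust` row. Changing the method alone is only half of step 2; the check user also needs a password set and Pgpool configured to present it, and step 1 (restricting the address column to cluster-internal ranges) still applies.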
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: vmware
- Date Reserved: 2025-01-02T04:30:19.929Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682d9816c4522896dcbd662b
Added to database: 5/21/2025, 9:08:38 AM
Last enriched: 7/12/2025, 2:17:24 AM
Last updated: 8/17/2025, 11:14:38 AM
Views: 16
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)