WRITEUP
Exploit for CVE-2025-49146 - PostgreSQL JDBC Driver < 42.7.7 - Authentication Bypass
AI Analysis

This is a patch file detailing the fix for CVE-2025-49146 in the PostgreSQL JDBC driver. The vulnerability involves the driver incorrectly allowing fallback to insecure authentication methods when channel binding is set to 'require'. The patch enforces proper rejection of non-SASL authentication methods in such cases.

Attack Type: auth_bypass
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1550 - Use Alternate Authentication Material
Vulnerability: CVE-2025-49146
PostgreSQL JDBC Driver < 42.7.7 - Authentication Bypass
Severity: HIGH (CVSS 8.2)