CVE-2025-49146 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-49146 Interim 1 5 2026-03-05T00:32:13Z current 2025-06-12T23:12:49Z 2026-03-05T00:32:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-49146 pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Manager Proxy 4.3 SUSE Manager Proxy LTS 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Retail Branch Server LTS 4.3 SUSE Manager Server 4.3 SUSE Manager Server LTS 4.3 openSUSE Leap 15.6 openSUSE Tumbleweed postgresql-jdbc postgresql-jdbc-42.7.7-1.1 postgresql-jdbc-42.7.7-160000.2.2 postgresql-jdbc-javadoc postgresql-jdbc-javadoc-42.7.7-1.1 postgresql-jdbc-javadoc-42.7.7-160000.2.2 postgresql-jdbc-42.7.7-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 postgresql-jdbc-javadoc-42.7.7-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 postgresql-jdbc-42.7.7-1.1 as a component of openSUSE Tumbleweed postgresql-jdbc-javadoc-42.7.7-1.1 as a component of openSUSE Tumbleweed postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 postgresql-jdbc as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 postgresql-jdbc as a component of SUSE Linux Enterprise Server 11 SP4 LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP2-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP4-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP5-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security postgresql-jdbc as a component of SUSE Linux Enterprise Server 15 SP3-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 15 SP4-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 15 SP5-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server Teradata 12 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server Teradata 15 SP4 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 postgresql-jdbc as a component of SUSE Manager Proxy 4.3 postgresql-jdbc as a component of SUSE Manager Proxy LTS 4.3 postgresql-jdbc as a component of SUSE Manager Retail Branch Server 4.3 postgresql-jdbc as a component of SUSE Manager Retail Branch Server LTS 4.3 postgresql-jdbc as a component of SUSE Manager Server 4.3 postgresql-jdbc as a component of SUSE Manager Server LTS 4.3 postgresql-jdbc as a component of openSUSE Leap 15.6 postgresql-jdbc-javadoc as a component of openSUSE Leap 15.6 pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7. CVE-2025-49146 SUSE Linux Enterprise Server 16.0:postgresql-jdbc-42.7.7-160000.2.2 SUSE Linux Enterprise Server 16.0:postgresql-jdbc-javadoc-42.7.7-160000.2.2 openSUSE Tumbleweed:postgresql-jdbc-42.7.7-1.1 openSUSE Tumbleweed:postgresql-jdbc-javadoc-42.7.7-1.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:postgresql-jdbc SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:postgresql-jdbc SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql-jdbc SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:postgresql-jdbc SUSE Linux Enterprise Module for Server Applications 15 SP6:postgresql-jdbc SUSE Linux Enterprise Module for Server Applications 15 SP7:postgresql-jdbc SUSE Linux Enterprise Server 11 SP4 LTSS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP2-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP4-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:postgresql-jdbc SUSE Linux Enterprise Server 12 SP5-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 15 SP3-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 15 SP4-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 15 SP5-LTSS:postgresql-jdbc SUSE Linux Enterprise Server Teradata 12 SP3:postgresql-jdbc SUSE Linux Enterprise Server Teradata 15 SP4:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 15 SP3:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 15 SP4:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 15 SP5:postgresql-jdbc SUSE Manager Proxy 4.3:postgresql-jdbc SUSE Manager Proxy LTS 4.3:postgresql-jdbc SUSE Manager Retail Branch Server 4.3:postgresql-jdbc SUSE Manager Retail Branch Server LTS 4.3:postgresql-jdbc SUSE Manager Server 4.3:postgresql-jdbc SUSE Manager Server LTS 4.3:postgresql-jdbc openSUSE Leap 15.6:postgresql-jdbc openSUSE Leap 15.6:postgresql-jdbc-javadoc important 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N