PT-2025-48274 · MariaDB+6 · MariaDB+7

Sergei Golubchik · Published 2025-01-01 · Updated 2026-05-22 · CVE-2025-13699

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MariaDB versions prior to 10.5
MariaDB mariadb-dump Utility (affected versions not specified)

Description

The mariadb-dump utility contains a directory traversal flaw that could lead to remote code execution. The utility does not properly sanitize user-supplied input, allowing an attacker to potentially access and manipulate files outside the intended directory. This could allow an attacker to execute arbitrary code on the system.

Recommendations

Update MariaDB to version 10.5 or later.

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2026:0136
ALSA-2026:0137
ALSA-2026:0225
ALSA-2026:0232
ALSA-2026:0233
ALSA-2026:0247
AZL-73186
AZL-73190
BDU:2026-00803
CVE-2025-13699
ECHO-965A-0075-CB52
OESA-2026-1536
OESA-2026-1537
OESA-2026-1538
OESA-2026-2397
OPENSUSE-SU-2025:20175-1
RHSA-2026:0061
RHSA-2026:0111
RHSA-2026:0112
RHSA-2026:0136
RHSA-2026:0137
RHSA-2026:0225
RHSA-2026:0232
RHSA-2026:0233
RHSA-2026:0247
RHSA-2026:0295
RHSA-2026:0296
RHSA-2026:0304
RHSA-2026:0333
RHSA-2026:0334
RHSA-2026:0335
RHSA-2026:0336
RHSA-2026:0344
RHSA-2026:0351
RHSA-2026:0357
RHSA-2026:0367
RHSA-2026:0376
RHSA-2026:0698
RHSA-2026:8812
RHSA-2026:8813
SUSE-SU-2025:4438-1
SUSE-SU-2025:4491-1
SUSE-SU-2025:4493-1
SUSE-SU-2025:4502-1
SUSE-SU-2025:4520-1
SUSE-SU-2026:20018-1
ZDI-25-1025

Affected Products

AlmaLinux
CentOS
Debian
MariaDB
Red Hat
RED OS
Rocky Linux
mariadb-dump