2417693 – (CVE-2025-13699) CVE-2025-13699 mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

Bug 2417693 (CVE-2025-13699) - CVE-2025-13699 mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

Summary: CVE-2025-13699 mariadb: MariaDB: mariadb-dump utility vulnerable to remote co...

Keywords:
Status:	NEW
Alias:	CVE-2025-13699
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2417694 2417695 2417696 2417697
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-28 12:44 UTC by OSIDB Bzimport
Modified:	2025-11-28 13:03 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-28 12:44:59 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.

Note You need to log in before you can comment on or make changes to this bug.