Bug 2417693 (CVE-2025-13699) - CVE-2025-13699 mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
Keywords:
Status: NEW
Alias: CVE-2025-13699
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2417695 2417697 2417694 2417696
Blocks:
Reported: 2025-11-28 12:44 UTC by OSIDB Bzimport
Modified: 2026-01-15 11:21 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:0061 0 None None None 2026-01-05 12:14:00 UTC
Red Hat Product Errata RHSA-2026:0111 0 None None None 2026-01-06 07:57:28 UTC
Red Hat Product Errata RHSA-2026:0112 0 None None None 2026-01-06 07:44:49 UTC
Red Hat Product Errata RHSA-2026:0136 0 None None None 2026-01-06 13:42:44 UTC
Red Hat Product Errata RHSA-2026:0137 0 None None None 2026-01-06 14:32:53 UTC
Red Hat Product Errata RHSA-2026:0225 0 None None None 2026-01-07 11:42:00 UTC
Red Hat Product Errata RHSA-2026:0232 0 None None None 2026-01-07 13:06:57 UTC
Red Hat Product Errata RHSA-2026:0233 0 None None None 2026-01-07 13:07:22 UTC
Red Hat Product Errata RHSA-2026:0247 0 None None None 2026-01-07 15:01:42 UTC
Red Hat Product Errata RHSA-2026:0295 0 None None None 2026-01-08 07:47:06 UTC
Red Hat Product Errata RHSA-2026:0296 0 None None None 2026-01-08 08:03:40 UTC
Red Hat Product Errata RHSA-2026:0304 0 None None None 2026-01-08 09:05:20 UTC
Red Hat Product Errata RHSA-2026:0333 0 None None None 2026-01-08 12:20:02 UTC
Red Hat Product Errata RHSA-2026:0334 0 None None None 2026-01-08 13:03:10 UTC
Red Hat Product Errata RHSA-2026:0335 0 None None None 2026-01-08 12:57:27 UTC
Red Hat Product Errata RHSA-2026:0336 0 None None None 2026-01-08 12:44:29 UTC
Red Hat Product Errata RHSA-2026:0344 0 None None None 2026-01-08 13:12:33 UTC
Red Hat Product Errata RHSA-2026:0351 0 None None None 2026-01-08 13:22:46 UTC
Red Hat Product Errata RHSA-2026:0357 0 None None None 2026-01-08 14:04:27 UTC
Red Hat Product Errata RHSA-2026:0367 0 None None None 2026-01-08 15:40:59 UTC
Red Hat Product Errata RHSA-2026:0376 0 None None None 2026-01-08 16:35:27 UTC
Red Hat Product Errata RHSA-2026:0698 0 None None None 2026-01-15 11:21:43 UTC

Description OSIDB Bzimport 2025-11-28 12:44:59 UTC
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.

Comment 2 errata-xmlrpc 2026-01-05 12:13:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0061 https://access.redhat.com/errata/RHSA-2026:0061

Comment 3 errata-xmlrpc 2026-01-06 07:44:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:0112 https://access.redhat.com/errata/RHSA-2026:0112

Comment 4 errata-xmlrpc 2026-01-06 07:57:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:0111 https://access.redhat.com/errata/RHSA-2026:0111

Comment 5 errata-xmlrpc 2026-01-06 13:42:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0136 https://access.redhat.com/errata/RHSA-2026:0136

Comment 6 errata-xmlrpc 2026-01-06 14:32:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0137 https://access.redhat.com/errata/RHSA-2026:0137

Comment 7 errata-xmlrpc 2026-01-07 11:41:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0225 https://access.redhat.com/errata/RHSA-2026:0225

Comment 8 errata-xmlrpc 2026-01-07 13:06:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0232 https://access.redhat.com/errata/RHSA-2026:0232

Comment 9 errata-xmlrpc 2026-01-07 13:07:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0233 https://access.redhat.com/errata/RHSA-2026:0233

Comment 10 errata-xmlrpc 2026-01-07 15:01:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0247 https://access.redhat.com/errata/RHSA-2026:0247

Comment 11 errata-xmlrpc 2026-01-08 07:47:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:0295 https://access.redhat.com/errata/RHSA-2026:0295

Comment 12 errata-xmlrpc 2026-01-08 08:03:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:0296 https://access.redhat.com/errata/RHSA-2026:0296

Comment 13 errata-xmlrpc 2026-01-08 09:05:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:0304 https://access.redhat.com/errata/RHSA-2026:0304

Comment 14 errata-xmlrpc 2026-01-08 12:20:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:0333 https://access.redhat.com/errata/RHSA-2026:0333

Comment 15 errata-xmlrpc 2026-01-08 12:44:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:0336 https://access.redhat.com/errata/RHSA-2026:0336

Comment 16 errata-xmlrpc 2026-01-08 12:57:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0335 https://access.redhat.com/errata/RHSA-2026:0335

Comment 17 errata-xmlrpc 2026-01-08 13:03:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:0334 https://access.redhat.com/errata/RHSA-2026:0334

Comment 18 errata-xmlrpc 2026-01-08 13:12:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:0344 https://access.redhat.com/errata/RHSA-2026:0344

Comment 19 errata-xmlrpc 2026-01-08 13:22:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:0351 https://access.redhat.com/errata/RHSA-2026:0351

Comment 20 errata-xmlrpc 2026-01-08 14:04:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:0357 https://access.redhat.com/errata/RHSA-2026:0357

Comment 21 errata-xmlrpc 2026-01-08 15:40:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:0367 https://access.redhat.com/errata/RHSA-2026:0367

Comment 22 errata-xmlrpc 2026-01-08 16:35:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:0376 https://access.redhat.com/errata/RHSA-2026:0376

Comment 23 errata-xmlrpc 2026-01-15 11:21:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0698 https://access.redhat.com/errata/RHSA-2026:0698

