CVE-2025-13699Path Traversal in Mariadb

CWE-22Path Traversal11 documents8 sources
Severity
7.0HIGHNVD
EPSS
0.2%
top 63.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mariadb
Timeline
PublishedDec 23
Latest updateDec 24

Description

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in fil

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

Debianmariadb/mariadb< 11.8.6-0+deb13u1+1
CVEListV5mariadb/mariadb11.8.3

🔴Vulnerability Details

3
GHSA
GHSA-rqf2-8625-4vgv: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability2025-12-24
OSV
CVE-2025-13699: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability2025-12-23
CVEList
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability2025-12-23

📋Vendor Advisories

3
Microsoft
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability2025-12-09
Red Hat
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation2025-11-27
Debian
CVE-2025-13699: mariadb - MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerabi...2025

🕵️Threat Intelligence

4
Wiz
CVE-2026-3494 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-35549 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-13699 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-32710 Impact, Exploitability, and Mitigation Steps | Wiz