Platform: mariadb
Component: mariadb
Fixed in: 11.8.4
CVE-2025-13699 is a Remote Code Execution (RCE) vulnerability affecting MariaDB installations that use the mariadb-dump utility. The flaw stems from insufficient validation of user-supplied paths during view name handling, which allows an attacker to execute arbitrary code. Systems on which mariadb-dump is used are affected, and a patch is required to remediate the risk.
The impact of CVE-2025-13699 is severe: it enables remote attackers to execute arbitrary code on affected MariaDB servers. Successful exploitation requires interaction with the mariadb-dump utility, but the specific attack vectors can vary with the deployment. An attacker could potentially gain complete control of the database server, leading to data breaches, data modification, denial of service, or further compromise of the underlying system. The vulnerability resembles other path traversal flaws in which improper input validation lets an attacker access or manipulate files outside the intended directory.
CVE-2025-13699 was published on December 23, 2025. The exploitation context and probability are currently unknown, but the RCE nature of the vulnerability warrants careful attention. Public proof-of-concept (PoC) code is not currently available, but the potential for exploitation exists. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.21% (43rd percentile)
CISA SSVC: (not provided)
CVSS Vector: (not provided)
The primary mitigation for CVE-2025-13699 is to upgrade to a patched version of MariaDB. Consult the official MariaDB documentation for the specific version numbers that contain the fix. If immediate patching is not feasible, restrict access to the mariadb-dump utility and strictly validate any user-supplied input that feeds into view names. Implement strict access controls and monitor for suspicious activity involving the utility. After upgrading, confirm the fix by running mariadb-dump with a crafted view name and verifying that the operation fails with an appropriate error message, indicating the vulnerability is no longer exploitable.
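The interim mitigation above asks for strict validation of view names before they reach mariadb-dump. The following Python is an added example of such a guard and is not code from MariaDB or from this advisory; it assumes a conservative allowlist for unquoted identifiers (ASCII letters, digits, underscore and dollar, at most 64 characters), assumes the mysqldump-style command line of binary, database, then object names, and uses a placeholder binary name. The sample names it screens are constructed for the example.

```python
import re
import subprocess
from typing import List, Tuple

# Assumption of this example: a conservative allowlist for unquoted MariaDB
# identifiers. MariaDB accepts a wider character set when names are quoted,
# but anything outside this set is rejected before it can reach a command line.
_IDENT = re.compile(r"[A-Za-z0-9_$]{1,64}")

# Constructed sample input: one legitimate view name and four that must be rejected
# (path traversal, an embedded path separator, whitespace, an option-like prefix,
# and an over-long name).
SAMPLE_VIEW_NAMES = [
    "customer_summary",
    "../../other_dir/file",
    "reports/daily",
    "--verbose",
    "v" * 65,
]


class UnsafeIdentifier(ValueError):
    """Raised when a name is not a plain, allowlisted identifier."""


def validate_identifier(name: str) -> str:
    """Return `name` unchanged if it is an allowlisted identifier, else raise.

    Because the allowlist contains no '/', '\\', '.', NUL, whitespace or '-',
    it rejects traversal sequences, absolute paths and option injection in one
    check instead of trying to blocklist each pattern separately.
    """
    if not isinstance(name, str) or _IDENT.fullmatch(name) is None:
        raise UnsafeIdentifier(f"rejected identifier: {name!r}")
    return name


def screen_view_names(names: List[str]) -> Tuple[List[str], List[str]]:
    """Partition candidate names into (accepted, rejected) for logging or alerting."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(validate_identifier(name))
        except UnsafeIdentifier:
            rejected.append(name)
    return accepted, rejected


def build_dump_argv(database: str, objects: List[str],
                    dump_binary: str = "mariadb-dump") -> List[str]:
    """Build an argument vector for the dump tool with every name validated.

    `dump_binary` is a placeholder; the argument order (database, then object
    names) follows the mysqldump/mariadb-dump convention and is an assumption here.
    """
    argv = [dump_binary, validate_identifier(database)]
    argv.extend(validate_identifier(obj) for obj in objects)
    return argv


def run_dump(database: str, objects: List[str]) -> subprocess.CompletedProcess:
    """Invoke the dump tool as an argument list (no shell), so names are never
    re-parsed by a shell even after validation."""
    return subprocess.run(build_dump_argv(database, objects), shell=False, check=True)


if __name__ == "__main__":
    ok, bad = screen_view_names(SAMPLE_VIEW_NAMES)
    print("accepted:", ok)
    print("rejected:", bad)
    print("argv:", build_dump_argv("shop", ok))
```

The allowlist is deliberately narrower than what MariaDB itself permits for quoted identifiers; a deployment that legitimately needs such names should map them through a lookup table rather than widen the character set, since the goal is to keep user input from ever being interpreted as a path or an option.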
Update MariaDB to a version later than 11.8.3 that fixes CVE-2025-13699. See the MariaDB release notes for further details on the update. Apply the security measures recommended by MariaDB to mitigate the risk of remote code execution.
CVE-2025-13699 is a Remote Code Execution vulnerability in MariaDB affecting installations using the mariadb-dump utility. It allows attackers to execute arbitrary code by manipulating view names.
You are affected if you use MariaDB and the mariadb-dump utility, and you have not upgraded to a patched version. Carefully review your MariaDB configuration and usage patterns.
Upgrade to a patched version of MariaDB that addresses the vulnerability. Consult the official MariaDB documentation for specific version numbers containing the fix.
Currently, there is no confirmed active exploitation of CVE-2025-13699, but the potential for exploitation exists due to the RCE nature of the vulnerability.
Refer to the official MariaDB security advisories on the MariaDB website for the most up-to-date information and patch details.