Home > Vulnerability Database > CVE-2025-13699

Mend.io Vulnerability Database

CVE-2025-13699

Good to know:

Date: December 23, 2025

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.

Severity Score

7.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-13699

Url: https://jira.mariadb.org/browse/MDEV-37483

Url: https://www.zerodayinitiative.com/advisories/ZDI-25-1025/

Url: https://www.mend.io/vulnerability-database/CVE-2025-13699

Severity Score

7.0

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version https://github.com/MariaDB/server.git - mariadb-10.11.15;https://github.com/MariaDB/server.git - mariadb-11.4.9;https://github.com/MariaDB/server.git - mariadb-11.8.4;https://github.com/MariaDB/server.git - mariadb-12.1.2;https://github.com/MariaDB/server.git - mariadb-10.6.24

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-13699

Good to know:

Date: December 23, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?