CVE-2025-13699
📋 TL;DR
This vulnerability in MariaDB's mariadb-dump utility allows remote attackers to execute arbitrary code via directory traversal in view names. Attackers can exploit this to run commands with the privileges of the user running mariadb-dump. Systems using vulnerable versions of MariaDB with mariadb-dump exposed to untrusted input are affected.
💻 Affected Systems
- MariaDB
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the user running mariadb-dump, potentially leading to data theft, system takeover, or lateral movement.
Likely Case
Limited code execution in the context of the mariadb-dump process, potentially allowing file system access, data exfiltration, or further privilege escalation.
If Mitigated
No impact if proper input validation and least privilege principles are applied, or if mariadb-dump is not exposed to untrusted sources.
🎯 Exploit Status
Exploitation requires interaction with mariadb-dump utility; attack vectors vary by implementation but typically involve crafted view names.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check MDEV-37483 for specific patched versions
Vendor Advisory: https://jira.mariadb.org/browse/MDEV-37483
Restart Required: No
Instructions:
1. Check the MariaDB version.
2. Update to the patched version via the package manager (e.g., apt-get upgrade mariadb-server on Debian/Ubuntu).
3. Verify the update with a version check.
🔧 Temporary Workarounds
Restrict mariadb-dump access (all platforms)
Limit use of mariadb-dump to trusted users and inputs only
Run with minimal privileges (Linux)
Execute mariadb-dump with a low-privilege user account
sudo -u lowprivuser mariadb-dump [options]
🧯 If You Can't Patch
- Disable or restrict mariadb-dump utility usage in untrusted environments
- Implement strict input validation and sanitization for view names in applications using mariadb-dump
🔍 How to Verify
Check if Vulnerable:
Check if mariadb-dump is used with untrusted input in vulnerable MariaDB versions; review MDEV-37483 for exact version details
Check Version:
mariadb --version
Verify Fix Applied:
Update MariaDB to patched version and confirm mariadb-dump no longer accepts malicious view names
📡 Detection & Monitoring
Log Indicators:
- Unusual mariadb-dump executions with suspicious view names
- File system access attempts outside expected directories
Network Indicators:
- Unexpected network connections from mariadb-dump processes
SIEM Query:
Process execution where command_line CONTAINS 'mariadb-dump' AND (command_line CONTAINS '../' OR command_line CONTAINS '..\\')
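The SIEM query above, written out as a small log-scanning routine so it can be run over exported process-execution events. This is an added example, not part of the original advisory; the JSON event shape (host, user, command_line) and the sample lines are constructed assumptions.

```python
import json
import re

# Constructed sample process-execution events (not real telemetry).
SAMPLE_EVENTS = [
    '{"host":"db01","user":"backup","command_line":"mariadb-dump --all-databases --result-file=/var/backups/all.sql"}',
    '{"host":"db01","user":"www-data","command_line":"mariadb-dump --tab=/var/backups/../../tmp shop"}',
    '{"host":"db02","user":"backup","command_line":"mariadb-dump --tab=C:\\\\dumps\\\\..\\\\..\\\\Temp shop"}',
    '{"host":"app01","user":"deploy","command_line":"rsync -av ../build/ /srv/app/"}',
    'not json at all',
]

# Matches the two traversal forms named in the advisory's SIEM query: '../' and '..\'.
TRAVERSAL = re.compile(r"\.\./|\.\.\\")


def is_suspicious(command_line: str) -> bool:
    """True when a mariadb-dump invocation carries a path-traversal sequence."""
    return "mariadb-dump" in command_line and TRAVERSAL.search(command_line) is not None


def scan_events(lines):
    """Return the events that match the advisory's detection rule.

    Each line is expected to be one JSON object (assumed schema); lines that
    do not parse are skipped rather than aborting the scan.
    """
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        cmd = event.get("command_line", "")
        if is_suspicious(cmd):
            hits.append({"host": event.get("host"), "user": event.get("user"), "command_line": cmd})
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"ALERT host={hit['host']} user={hit['user']} cmd={hit['command_line']}")
```

The rsync line shows why the rule requires both conditions: a traversal sequence alone is common in benign commands, so only mariadb-dump invocations are flagged.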