MariaDB Directory Traversal Remote Code Execution Vulnerability in mariadb-dump Utility

Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in the MariaDB utility 'mariadb-dump'. This issue arises from improper validation of user-supplied paths, particularly in the handling of view names, which can lead to arbitrary code execution in the context of the current user. The vulnerability affects MariaDB versions 10.6, 10.11, 11.4, and 11.8.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, executed with the privileges of the current user.

Reproduction

To reproduce this vulnerability, create a database and a table with a name that includes a directory traversal sequence. Then, use the 'mariadb-dump' utility with the '--tab' option to export the table. The export will fail due to the traversal, but the error can be manipulated to execute arbitrary code.

Remediation

MariaDB has released patches for this vulnerability in versions 10.6.24, 10.11.15, 11.4.9, and 11.8.4.
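The reproduction and remediation sections above describe two things a defender can check before running `mariadb-dump --tab`: whether the server is on one of the fixed releases, and whether any table or view name carries a path-traversal component. The script below is an added example, not code from the advisory or from MariaDB; the sample names and version strings are constructed, and the traversal check is deliberately conservative (any separator or `..` is flagged).

```python
# Added example (not from the advisory or from MariaDB): a pre-dump audit for
# the mariadb-dump --tab directory traversal issue. Two checks:
#   1. is_patched(): is the server version at or past the fixed release the
#      advisory names for its release line?
#   2. suspicious_names(): which table/view names contain path separators or
#      '..' and so should be reviewed before a file-based export?
# Names and versions used here are constructed; in practice the names would
# come from information_schema.TABLES and the version from SELECT VERSION().
import re

# Fixed releases per the advisory, keyed by release line (major, minor).
FIXED_RELEASES = {
    (10, 6): (10, 6, 24),
    (10, 11): (10, 11, 15),
    (11, 4): (11, 4, 9),
    (11, 8): (11, 8, 4),
}

def parse_version(version):
    """Reduce a server version string such as '10.6.23-MariaDB' to (10, 6, 23)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version):
    """True if the server is on an affected line and at/after its fix,
    False if on an affected line but older, None if the release line is
    not one the advisory lists."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed

# Conservative: any path separator or '..' anywhere in the name is flagged,
# because --tab turns each name into a file path under the output directory.
_SUSPICIOUS = re.compile(r"[\\/]|\.\.")

def suspicious_names(names):
    """Return the names that should be reviewed before a --tab export."""
    return [n for n in names if _SUSPICIOUS.search(n)]

if __name__ == "__main__":
    # Constructed sample data standing in for information_schema output.
    print("patched:", is_patched("10.6.23-MariaDB"))          # False
    print("review:", suspicious_names(["orders", "../x", "a\\b", "v_ok"]))
```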

Added: Dec 23, 2025, 10:51 PM
Updated: Dec 23, 2025, 10:51 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 10.0
exploitability: 8.7
remediation: 7.7
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.