CNNVD-202512-4083 Information

CNNVD ID

CNNVD-202512-4083

CVE-2025-13699

  • CNNVD Published: 2025-12-23

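Description (translated from Chinese)

MariaDB is a free, open-source database management system from the MariaDB Foundation and a fork of MySQL that uses the Maria storage engine. MariaDB contains a path traversal vulnerability that stems from a lack of validation of a user-supplied path when handling view names, which may lead to directory traversal and remote code execution.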

Description (English)

MariaDB is a free, open-source database management system from the MariaDB Foundation and a fork of MySQL that uses the Maria storage engine. MariaDB contains a path traversal vulnerability that stems from a lack of validation of a user-supplied path when processing view names, which may lead to directory traversal and remote code execution.

Hazard Level

Medium

Vulnerability Type

Path traversal

Affected Vendor

MariaDB

Published

2025-12-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1025/
https://jira.mariadb.org/browse/MDEV-37483
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13699

Patch

https://mariadb.org/download/?t=mariadb&p=mariadb&r=12.1.2&os=windows&cpu=x86_64&pkg=msi&mirror=xtom_fre
