Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73190.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-73190
Upstream
  • CVE-2025-13699
Published
2025-12-23T22:15:44Z
Modified
2026-04-21T04:33:50.637801Z
Summary
CVE-2025-13699 affecting package mariadb for versions less than 10.6.24-1
Details

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.

References

Affected packages

Azure Linux:2 / mariadb

Package

Name
mariadb
Purl
pkg:rpm/azure-linux/mariadb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.6.24-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73190.json"