CVE-2026-25212
CRITICAL
9.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Description
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the 'Add data source' feature to break out of the database context and execute shell commands on the underlying operating system.
CWE-250: Execution with Unnecessary Privileges
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Read Application Data
DoS: Crash, Exit, or Restart
Applicable Platforms
Technologies:
Mobile
https://docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.…
https://percona.com