CVE-2026-25212

| EUVD-2026-18364 CRITICAL
2026-04-02 mitre GHSA-hm6f-x2ww-p497
9.9
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 16:30 euvd
EUVD-2026-18364
Analysis Generated
Apr 02, 2026 - 16:30 vuln.today
CVE Published
Apr 02, 2026 - 00:00 nvd
CRITICAL 9.9

Tags

Privilege Escalation

Description

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

Analysis

Percona PMM before version 3.7 allows authenticated remote code execution through improper privilege management in its internal database user. An attacker with pmm-admin credentials can leverage the 'Add data source' feature to escape database isolation and execute arbitrary shell commands on the underlying operating system, requiring only valid pmm-admin access rather than direct system-level privileges.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

50
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +50
POC: 0

Share

CVE-2026-25212 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy