CVE-2026-25212 · CRITICAL 9.9 · EPSS p20.4%

Description

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.29% probability of exploitation · percentile 20.4% · 2026-06-18T12:00:27Z
Published: 2026-04-02
Last modified: 2026-04-21

Underlying weaknesses · 1

CWE-250

References

  1. https://docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.0.html#authenticated-remote-code-execution-via-internal-data-source-cve-2026-25212
  2. https://percona.com

Type | Target | Confidence | Tier
Weakness | Execution with Unnecessary Privileges (cwe-250) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-26701
CVE-2026-21262
CVE-2026-10727
CVE-2025-12763
CVE-2026-2005
CVE-2025-57516

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.