Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-25834

In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.

Published

2023-06-07T01:15:38.987

Last Modified

2024-11-21T06:53:05.340

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	percona	xtrabackup	≤ 2.2.24	Yes
Application	percona	xtrabackup	≤ 8.0.27-19	Yes

References

https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements Release Notes ([email protected])
https://www.percona.com/doc/percona-xtrabackup/2.4/index.html Vendor Advisory ([email protected])
https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.percona.com/doc/percona-xtrabackup/2.4/index.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)