CVE-2022-25834

In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.

Published: Jun 7, 2023
Updated: Jun 16, 2023
CVE: CVE-2022-25834
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
percona / xtrabackup	3.0	8.0.27-19.x
percona / xtrabackup	-	2.2.24.x

https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements
https://www.percona.com/doc/percona-xtrabackup/2.4/index.html

Vulnerability Database

CVE-2022-25834