cvedb.io
CVE-2026-25212
CRITICAL · CVSS 9.9
EPSS exploitation probability: 0%
Published 2026-04-02T17:16:21.687 · Last modified 2026-06-17T10:24:19.367

Summary

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

Affected products

percona — monitoring_and_management

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.