CVE-2026-25212
Privilege Escalation in Percona PMM Allows OS Command Execution
Publication date: 2026-04-02
Last updated on: 2026-04-21
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| percona | monitoring_and_management | all versions before 3.7.0 (3.7.0 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can have serious impact because it allows an attacker who already holds pmm-admin rights to execute arbitrary shell commands on the operating system underneath the PMM server. That can lead to full compromise of the host, unauthorized access to or manipulation of the monitoring data and credentials PMM holds, and disruption of the monitoring service.
Because the attacker breaks out of the database context, the damage is not limited to the internal database: they can gain control of the entire host on which PMM is running.
Can you explain this vulnerability to me?
CVE-2026-25212 is a security vulnerability in Percona Monitoring and Management (PMM) versions before 3.7. It occurs because an internal database user retains specific superuser privileges that it does not need (CWE-250, execution with unnecessary privileges). An attacker who has pmm-admin rights can misuse the "Add data source" feature to reach that over-privileged database user, escape the database context, and execute shell commands on the underlying operating system.
This is classified as an authenticated remote code execution (RCE) issue: the attacker needs valid pmm-admin credentials, but with them can run arbitrary code on the affected system over the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-25212, upgrade Percona Monitoring and Management (PMM) to version 3.7.0 or later; that release addresses the authenticated remote code execution vulnerability. The page lists no configuration-only workaround, so treat the upgrade as the fix.
Until the upgrade is done, make sure that only trusted users hold pmm-admin rights, since the vulnerability is exploitable by anyone with these rights. Review the accounts that currently have the role and remove it wherever it is not strictly needed.
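A small triage helper for the affected range given on this page (every PMM release before 3.7.0), as an added example that is not code from the advisory or from Percona. It assumes you have already collected the version string of each PMM server (for instance from the PMM UI "About" dialog) into a hostname-to-version mapping; the inventory below is constructed sample data, and treating a 3.7.0 pre-release tag as still unpatched is a conservative assumption of this example, not a statement from the advisory.

```python
import re

# Affected range stated on this page: all PMM versions before 3.7.0.
# The 3.7.0 release itself is the first fixed build.
FIXED_VERSION = (3, 7, 0)

# Accepts "3.6.1", "v3.7.0", "3.7.0-rc1", "3.7.0+build.5", etc.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?")


def parse_version(text: str):
    """Parse a PMM version string into ((major, minor, patch), prerelease_or_None).

    Build metadata after '+' is ignored; an optional leading 'v' is tolerated.
    Raises ValueError for strings that are not dotted numeric versions.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PMM version string: {text!r}")
    core = tuple(int(part) for part in m.group(1, 2, 3))
    return core, m.group(4)


def is_affected(text: str) -> bool:
    """True if the given PMM version falls in the affected range (< 3.7.0)."""
    core, prerelease = parse_version(text)
    if core < FIXED_VERSION:
        # Covers every 2.x release and 3.0 through 3.6.x.
        return True
    if core == FIXED_VERSION and prerelease is not None:
        # Assumption of this example: a 3.7.0 pre-release (e.g. 3.7.0-rc1) sorts
        # before the 3.7.0 GA build, so it is treated as not yet fixed.
        return True
    return False


def affected_hosts(inventory: dict) -> list:
    """Return the sorted hostnames whose PMM version is still affected.

    inventory maps hostname -> version string.
    """
    return sorted(host for host, version in inventory.items() if is_affected(version))


# Constructed sample inventory for illustration; not real hosts.
SAMPLE_INVENTORY = {
    "pmm-prod-01": "3.6.1",
    "pmm-prod-02": "v3.7.0",
    "pmm-legacy": "2.44.1",
    "pmm-staging": "3.7.0-rc1",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected by CVE-2026-25212; upgrade to 3.7.0 or later")
```

The comparison is done on parsed integer tuples rather than on the raw strings so that, for example, "3.10.0" is correctly recognised as newer than "3.7.0"; a plain string comparison would get that wrong.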
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Percona PMM before version 3.7 allows an attacker with pmm-admin rights to execute arbitrary shell commands on the underlying operating system, which can lead to a complete compromise of the system.
Such a security flaw poses a significant risk to the confidentiality, integrity, and availability of data managed by the system, potentially leading to violations of common compliance standards and regulations such as GDPR and HIPAA that require strict controls over data access and system security.
By enabling remote code execution, this vulnerability could allow unauthorized access to sensitive personal or health information, thereby undermining compliance with data protection requirements.