Main Vulnerability Database SB2025122930

SB2025122930 - SUSE update for mariadb

Published: December 29, 2025

Security Bulletin ID SB2025122930

Severity

High

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Insecure automated optimizations (CVE-ID: CVE-2023-52969)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling derived tables within the SELECT clause. A remote privileged user can crash the server with a specially crafted query.

2) Insecure automated optimizations (CVE-ID: CVE-2023-52970)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insecure automated optimization when handling inserts from a derived table containing insert target table. A remote privileged user can crash the server with a specially crafted query.

3) Path traversal (CVE-ID: CVE-2025-13699)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the handling of view names. A remote attacker can trick a victim to interact with the mariadb-dump utility and upload arbitrary files on the system, leading to arbitrary code execution.

4) Improper input validation (CVE-ID: CVE-2025-21490)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

5) Improper input validation (CVE-ID: CVE-2025-30693)

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

6) Improper input validation (CVE-ID: CVE-2025-30722)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20254491-1/

Vulnerable Software

SUSE Linux Enterprise Server 15 SP3: LTSS
Galera for Ericsson 15: SP3
SUSE Linux Enterprise Server for SAP Applications 15: SP3
SUSE Linux Enterprise Server 15: SP3
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
openSUSE Leap: 15.3
mariadb-errormessages: before 10.5.29-150300.3.55.1
mariadb-rpm-macros: before 10.5.29-150300.3.55.1
mariadb-bench-debuginfo: before 10.5.29-150300.3.55.1
mariadb-galera: before 10.5.29-150300.3.55.1
libmariadbd-devel: before 10.5.29-150300.3.55.1
mariadb-test-debuginfo: before 10.5.29-150300.3.55.1
mariadb-tools-debuginfo: before 10.5.29-150300.3.55.1
mariadb-client: before 10.5.29-150300.3.55.1
mariadb-debuginfo: before 10.5.29-150300.3.55.1
mariadb: before 10.5.29-150300.3.55.1
mariadb-tools: before 10.5.29-150300.3.55.1
libmariadbd19-debuginfo: before 10.5.29-150300.3.55.1
mariadb-bench: before 10.5.29-150300.3.55.1
mariadb-test: before 10.5.29-150300.3.55.1
libmariadbd19: before 10.5.29-150300.3.55.1
mariadb-client-debuginfo: before 10.5.29-150300.3.55.1
mariadb-debugsource: before 10.5.29-150300.3.55.1