This high-severity command execution vulnerability in MariaDB is currently being exploited in the wild, necessitating immediate emergency patching.

This flaw allows a high-privileged user to manipulate the wsrep_sst_receive_address or wsrep_sst_donor global system variables. By doing so, the user can force the execution of arbitrary shell commands as the mariadbd process user on the Galera joiner node.

The vulnerability allows for full system compromise from a high-privileged database account. With active exploitation confirmed, the risk of data breaches, ransomware deployment, or lateral movement within the network is extremely high, as indicated by the CVSS score of 8.0.

Immediate Action: Apply the security updates (10.6.27, 10.11.18, 11.4.12, 11.8.8, or 12.3.2) immediately.

Proactive Monitoring: Audit all high-privileged accounts for recent activity and monitor for unauthorized changes to global system variables.

Compensating Controls: Temporarily restrict access to global system variables and monitor server processes for anomalous shell spawning.

Public Exploit Available: false

Due to confirmed active exploitation, this vulnerability must be treated as a critical priority. Administrators should apply the provided updates immediately and perform a thorough security audit of their MariaDB environments to ensure no unauthorized persistence has been established.