
CVE-2026-25212: n/a

Severity: Critical
Type: Vulnerability
Published: Thu Apr 02 2026 (04/02/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/02/2026, 16:39:13 UTC

Technical Analysis

CVE-2026-25212 is a critical vulnerability identified in Percona PMM (Percona Monitoring and Management) versions prior to 3.7. The root cause lies in an internal database user that retains superuser privileges, which should have been restricted or removed. This design flaw allows an attacker who already has pmm-admin rights to abuse the "Add data source" feature. Normally, this feature is intended to add new database sources for monitoring purposes. However, due to the elevated privileges of the internal user, the attacker can escape the database context and execute arbitrary shell commands on the underlying operating system. This effectively leads to remote code execution (RCE) on the host running Percona PMM. The vulnerability does not require additional authentication beyond pmm-admin access, which means that any compromise of these credentials or accounts can lead to full system compromise. No CVSS score has been assigned yet, and no public exploits are known at this time. The vulnerability was reserved in January 2026 and published in April 2026. The lack of patch links suggests that fixes may be forthcoming or in progress. This vulnerability highlights the risks of excessive privileges within internal components and the importance of strict privilege separation in database management tools.

Potential Impact

The impact of CVE-2026-25212 is severe for organizations using vulnerable versions of Percona PMM. An attacker with pmm-admin rights can gain full control over the underlying operating system, leading to complete system compromise. This can result in unauthorized data access, data manipulation, service disruption, and potential lateral movement within the network. The confidentiality, integrity, and availability of monitored systems and data are at risk. Since Percona PMM is widely used for database monitoring in enterprises, cloud environments, and managed service providers, exploitation could affect critical infrastructure and business operations globally. The vulnerability increases the attack surface by allowing privilege escalation from a database monitoring context to OS-level control, which is particularly dangerous in environments where Percona PMM is deployed on production servers or in containerized/cloud environments. The absence of known exploits currently reduces immediate risk but does not diminish the urgency for mitigation given the potential damage.

Mitigation Recommendations

To mitigate CVE-2026-25212, organizations should take the following specific actions:

1) Immediately restrict pmm-admin access to trusted administrators only, enforcing strong authentication and monitoring for unusual activity.
2) Disable or limit the "Add data source" feature if it is not essential, reducing the attack surface.
3) Monitor logs and audit trails for any attempts to add data sources or execute unusual commands from the PMM environment.
4) Apply the official patch or upgrade to Percona PMM version 3.7 or later once it becomes available to remove the excessive superuser privileges from the internal database user.
5) Implement network segmentation to isolate Percona PMM servers from critical infrastructure and limit lateral movement in case of compromise.
6) Conduct regular security reviews of database monitoring tools and their privilege configurations to prevent similar issues.
7) Consider deploying host-based intrusion detection systems (HIDS) to detect unauthorized shell command executions on PMM hosts.

These measures go beyond generic advice by focusing on privilege restriction, feature control, and proactive monitoring tailored to this vulnerability.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2026-01-30T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 69ce9803e6bfc5ba1dea5ac5

Added to database: 4/2/2026, 4:23:31 PM

Last enriched: 4/2/2026, 4:39:13 PM

Last updated: 4/3/2026, 5:56:44 AM
