{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33725", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T17:34:57.559Z", "datePublished": "2026-03-27T00:19:39.397Z", "dateUpdated": "2026-03-28T03:55:51.956Z"}, "containers": {"cna": {"title": "Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import", "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/metabase/metabase/security/advisories/GHSA-fppj-vcm3-w229", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metabase/metabase/security/advisories/GHSA-fppj-vcm3-w229"}], "affected": [{"vendor": "metabase", "product": "metabase", "versions": [{"version": "< 1.54.22", "status": "affected"}, {"version": ">= 1.55.0, < 1.55.22", "status": "affected"}, {"version": ">= 1.56.0, < 1.56.22", "status": "affected"}, {"version": ">= 1.57.0, < 1.57.16", "status": "affected"}, {"version": ">= 1.58.0, < 1.58.10", "status": "affected"}, {"version": ">= 1.59.0, < 1.59.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T00:19:39.397Z"}, "descriptions": [{"lang": "en", "value": "Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the `POST /api/ee/serialization/import` endpoint. A crafted serialization archive injects an `INIT` property into the H2 JDBC spec, which can execute arbitrary SQL during a database sync. We confirmed this was possible on Metabase Cloud. This only affects Metabase Enterprise. Metabase OSS lacks the affected codepaths. All versions of Metabase Enterprise that have serialization, which dates back to at least version 1.47, are affected. Metabase Enterprise versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 patch the issue. As a workaround, disable the serialization import endpoint in their Metabase instance to prevent access to the vulnerable codepaths."}], "source": {"advisory": "GHSA-fppj-vcm3-w229", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-33725"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T03:55:51.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33725", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T13:26:42.609115Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:26:48.080Z"}}], "cna": {"title": "Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import", "source": {"advisory": "GHSA-fppj-vcm3-w229", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "metabase", "product": "metabase", "versions": [{"status": "affected", "version": "< 1.54.22"}, {"status": "affected", "version": ">= 1.55.0, < 1.55.22"}, {"status": "affected", "version": ">= 1.56.0, < 1.56.22"}, {"status": "affected", "version": ">= 1.57.0, < 1.57.16"}, {"status": "affected", "version": ">= 1.58.0, < 1.58.10"}, {"status": "affected", "version": ">= 1.59.0, < 1.59.4"}]}], "references": [{"url": "https://github.com/metabase/metabase/security/advisories/GHSA-fppj-vcm3-w229", "name": "https://github.com/metabase/metabase/security/advisories/GHSA-fppj-vcm3-w229", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the `POST /api/ee/serialization/import` endpoint. A crafted serialization archive injects an `INIT` property into the H2 JDBC spec, which can execute arbitrary SQL during a database sync. We confirmed this was possible on Metabase Cloud. This only affects Metabase Enterprise. Metabase OSS lacks the affected codepaths. All versions of Metabase Enterprise that have serialization, which dates back to at least version 1.47, are affected. Metabase Enterprise versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 patch the issue. As a workaround, disable the serialization import endpoint in their Metabase instance to prevent access to the vulnerable codepaths."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T00:19:39.397Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33725", "state": "PUBLISHED", "dateUpdated": "2026-03-28T03:55:51.956Z", "dateReserved": "2026-03-23T17:34:57.559Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T00:19:39.397Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the `POST /api/ee/serialization/import` endpoint. A crafted serialization archive injects an `INIT` property into the H2 JDBC spec, which can execute arbitrary SQL during a database sync. We confirmed this was possible on Metabase Cloud. This only affects Metabase Enterprise. Metabase OSS lacks the affected codepaths. All versions of Metabase Enterprise that have serialization, which dates back to at least version 1.47, are affected. Metabase Enterprise versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 patch the issue. As a workaround, disable the serialization import endpoint in their Metabase instance to prevent access to the vulnerable codepaths."}], "id": "CVE-2026-33725", "lastModified": "2026-03-27T01:16:19.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T01:16:19.837", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/metabase/metabase/security/advisories/GHSA-fppj-vcm3-w229"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.54.22)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.55.0,1.55.22)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.56.0,1.56.22)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.57.0,1.57.16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.58.0,1.58.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.59.0,1.59.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "metabase", "source": "cna", "vendor": "metabase"}, "product": "metabase", "vendor": "metabase"}], "analysis": {"en": {"generated_at": "2026-03-27T06:25:06.623166+00:00", "value": {"mitigation_remediation": ["Upgrade Metabase Enterprise to the latest patched versions (1.54.22 or later, 1.55.22 or later, 1.56.22 or later, 1.57.16 or later, 1.58.10 or later, 1.59.4 or later).", "If an upgrade is not possible, disable the serialization import endpoint to block access to the vulnerable code path."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Metabase Enterprise Edition only. All Enterprise releases with serialization support from version 1.47 onward are vulnerable, including Metabase Cloud instances. Metabase OSS does not contain the affected code paths. Patched versions start with 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4.", "description_and_impact": "Metabase Enterprise versions before 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 allow an authenticated administrator to inject an INIT property into an H2 JDBC connection string via a crafted serialization archive. The injected parameter causes the database engine to execute arbitrary SQL during a sync, which can in turn trigger Remote Code Execution and arbitrary file reads. The weakness is classified as an insecure deserialization (CWE\u2011502). The potential impact is that a privileged attacker can run arbitrary code on the host and read sensitive files, effectively compromising the entire system.", "risk_and_exploitability": "The CVSS score is 7.2, indicating high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploit requires authenticated administrator access to the /api/ee/serialization/import endpoint and the ability to upload a malicious archive. An attacker with these privileges can trigger the injection and execute arbitrary code, presenting a significant risk to confidentiality, integrity, and availability of the host system."}}}}, "created": "2026-03-27T08:31:13.470808+00:00", "updated": "2026-03-27T09:22:35.704329+00:00", "vendors": ["metabase", "metabase$PRODUCT$metabase"]}