# Release Notes for MariaDB Enterprise Server 10.6.25-22

<a href="https://mariadb.com/downloads/enterprise/enterprise-server/" class="button primary">Download</a> <a href="/pages/mZdNhdcxviKVkn3MStsY" class="button secondary">Overview of Enterprise Server 10.6</a>

**Release date:** 2 Jun 2026

{% hint style="danger" %}
MariaDB 10.6.25-22, a Stable (GA) release of MariaDB Enterprise Server 10.6 released on 2026-06-02, is a **corrective release** that includes fixes for high-rated security vulnerabilities reported for [MariaDB Enterprise Cluster (Galera)](https://mariadb.com/docs/galera-cluster/), as defined in our [engineering policy](https://mariadb.com/engineering-policies/).
{% endhint %}

{% hint style="success" %}

<p align="center"><strong>See</strong> <a href="/pages/mZdNhdcxviKVkn3MStsY"><strong>what's new in MariaDB Enterprise Server 10.6</strong></a></p>
{% endhint %}

## Fixed Security Vulnerabilities <a href="#fixed-security-vulnerabilities" id="fixed-security-vulnerabilities"></a>

| CVE ID (with cve.org link)                                        | CVSS base score (v3.1) |
| ----------------------------------------------------------------- | ---------------------- |
| [CVE-2026-49261](https://www.cve.org/CVERecord?id=CVE-2026-49261) | 10.0                   |
| [CVE-2026-48165](https://www.cve.org/CVERecord?id=CVE-2026-48165) | 8.0                    |
| [CVE-2026-48163](https://www.cve.org/CVERecord?id=CVE-2026-48163) | 8.0                    |

[<sup><mark style="color:$tint;">Full list of Fixed Security Vulnerabilities in MariaDB Enterprise Server<mark style="color:$tint;"></sup>](/docs/server/security/cve/enterprise-server.md)

## Notable Items

### Can result in unexpected behaviour

* A parameter-injection gap existed in `wsrep_sst_rsync` because it failed to validate the joiner-supplied `WSREP_SST_OPT_REMOTE_USER` and `WSREP_SST_OPT_REMOTE_PSWD` values before interpolating them into the donor-written `stunnel.conf` and the `rsync` magic file [MENT-2659](https://jira.mariadb.org/browse/MENT-2659)
* An appropriately privileged user (with `SUPER` privileges) could execute shell commands as the `uid` of the `mariadbd` process because the values of the system variables `wsrep_sst_donor` and `wsrep_sst_receive_address`, which can be modified at runtime, were not properly sanitized when used to construct a shell command [MENT-2660](https://jira.mariadb.org/browse/MENT-2660)
* The `wsrep_notify_cmd` functionality was susceptible to a parameter-injection vulnerability, as it failed to validate the peer-supplied `wsrep_node_name` and `wsrep_node_incoming_address` values before interpolating them into the notification command line[ ](https://mariadb.com/docs/galera-cluster/)[MENT-2661](https://jira.mariadb.org/browse/MENT-2661)

## Platforms <a href="#platforms" id="platforms"></a>

In alignment to the enterprise lifecycle, MariaDB Enterprise Server 10.6.25-22 is provided for:

* AlmaLinux 8 (x86\_64, ARM64)
* AlmaLinux 9 (x86\_64, ARM64)
* Debian 11 (x86\_64, ARM64)
* Debian 12 (x86\_64, ARM64)
* Oracle Linux 8 (x86\_64, ARM64)
* Oracle Linux 9 (x86\_64, ARM64)
* Red Hat Enterprise Linux 8 (x86\_64, ARM64)
* Red Hat Enterprise Linux 9 (x86\_64, ARM64, PPC64LE)
* Rocky Linux 8 (x86\_64, ARM64)
* Rocky Linux 9 (x86\_64, ARM64)
* SUSE Linux Enterprise Server 12 (x86\_64)
* SUSE Linux Enterprise Server 15 (x86\_64, ARM64)
* Ubuntu 22.04 (x86\_64, ARM64)
* Ubuntu 24.04 (x86\_64, ARM64)
* Microsoft Windows (x86\_64) (Without MariaDB Enterprise Cluster (Galera) support)
* Red Hat UBI 8 (x86\_64, ARM64)
  * Red Hat UBI 8 is part of the Enterprise Server Docker Image. It does not support MariaDB Enterprise Cluster (Galera) or MariaDB ColumnStore.

Some components of MariaDB Enterprise Server are supported on a subset of platforms. See [MariaDB Engineering Policies](https://mariadb.com/engineering-policies) for details.

## Installation Instructions <a href="#installation-instructions" id="installation-instructions"></a>

* [Deploy MariaDB Enterprise with Repositories](/docs/server/server-management/install-and-upgrade-mariadb/mariadb-package-repository-setup-and-usage.md)
* [Deploy MariaDB Enterprise with Package Tarballs](/docs/server/server-management/install-and-upgrade-mariadb/installing-mariadb/binary-packages/package-tarballs.md)
* [Deploy MariaDB Enterprise with Docker](/docs/server/server-management/automated-mariadb-deployment-and-administration/docker-and-mariadb/deploy-mariadb-enterprise-server-with-docker.md)

## Upgrade Instructions <a href="#upgrade-instructions" id="upgrade-instructions"></a>

* [Upgrade to MariaDB Enterprise Server 10.6](/docs/server/server-management/install-and-upgrade-mariadb/upgrading/upgrade-paths/mariadb-enterprise-server-10.6/upgrade-to-mariadb-enterprise-server-10.6.md)

<sub>*This page is: Copyright © 2025 MariaDB. All rights reserved.*</sub>

{% @marketo/form formid="4316" formId="4316" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/release-notes/enterprise-server/10.6/10.6.25-22.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.