A high-severity Remote Code Execution (RCE) vulnerability, tracked as CVE-2026-33725, has been disclosed in Metabase Enterprise Edition. It allows authenticated administrators to execute arbitrary code and read sensitive files by injecting malicious payloads through the H2 JDBC serialization import endpoint, and its impact on Metabase Cloud deployments has been confirmed.
CVE-2026-33725 was disclosed on March 23, 2026, and targets a deeply embedded flaw in Metabase’s Enterprise serialization infrastructure. The vulnerability carries a CVSS v3.1 score of 7.2 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-502: Deserialization of Untrusted Data.
A proof-of-concept (PoC) exploit, written entirely in Python, has already been published publicly on GitHub, making rapid exploitation a credible threat for unpatched environments.
Metabase RCE Vulnerability
The root cause of CVE-2026-33725 lies in how Metabase Enterprise processes serialization archives submitted via the POST /api/ee/serialization/import API endpoint. An authenticated admin can craft a malicious serialization archive that injects an INIT property directly into the H2 JDBC connection specification.
During a subsequent database synchronization event, the injected INIT parameter is executed, triggering arbitrary SQL commands on the underlying H2 database engine.
This is a known abuse technique in H2 databases: the INIT=RUNSCRIPT parameter in a JDBC URL causes SQL scripts to execute immediately when a connection is established.
In CVE-2026-33725, attackers leverage this behavior inside Metabase’s trusted serialization import flow, effectively turning a business intelligence admin feature into a remote code execution launchpad. The attack has been confirmed to work on Metabase Cloud, meaning SaaS-hosted deployments are not isolated from this threat.
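As an added defensive illustration (not code from the advisory or from Metabase itself), the check below scans the database connection specifications found in a serialization archive for H2 INIT settings before any of them is handed to the JDBC driver. The field names ("engine", "db", "init") and the sample specs are constructed for the example; Metabase's real archive layout is not assumed.

```python
from urllib.parse import unquote

# Constructed connection specs, not Metabase's real serialization format:
# field names ("engine", "db", "init") are assumed for illustration.
SAMPLE_SPECS = [
    {"engine": "h2", "db": "jdbc:h2:file:/var/lib/metabase/app"},
    {"engine": "h2", "db": "jdbc:h2:file:/tmp/x;INIT=RUNSCRIPT FROM 'example.sql'"},
    {"engine": "h2", "db": "jdbc:h2:mem:t;init=runscript from 'example.sql'"},
    {"engine": "h2", "db": "jdbc:h2:mem:t%3BINIT%3DRUNSCRIPT%20FROM%20'x.sql'"},
    {"engine": "h2", "db": "jdbc:h2:mem:t", "init": "RUNSCRIPT FROM 'x.sql'"},
    {"engine": "postgres", "db": "analytics", "host": "db.internal"},
]

# H2 connection settings that make the engine run SQL at connect time.
DANGEROUS_H2_KEYS = {"INIT"}

def h2_settings(text: str) -> dict:
    """Parse ;KEY=VALUE settings from an H2 JDBC URL or options string.
    Keys are upper-cased so variants such as init= are caught, and the text
    is percent-decoded first so an encoded ';' or '=' cannot hide a key."""
    settings = {}
    for part in unquote(text).split(";"):
        key, sep, value = part.partition("=")
        if sep:
            settings[key.strip().upper()] = value.strip()
    return settings

def is_h2(spec: dict) -> bool:
    return (spec.get("engine", "").lower() == "h2"
            or spec.get("db", "").lower().startswith("jdbc:h2:"))

def flagged_settings(spec: dict) -> list:
    """Dangerous H2 settings found anywhere in one spec: as a ;KEY=VALUE pair
    inside any string field, or as a top-level field of the same name."""
    if not is_h2(spec):
        return []
    found = set()
    for key, value in spec.items():
        if key.strip().upper() in DANGEROUS_H2_KEYS:
            found.add(key.strip().upper())
        if isinstance(value, str):
            found.update(k for k in h2_settings(value) if k in DANGEROUS_H2_KEYS)
    return sorted(found)

def audit_archive(specs: list) -> list:
    """(index, flagged settings) for every spec that should block the import."""
    return [(i, flagged_settings(s)) for i, s in enumerate(specs) if flagged_settings(s)]
```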
This vulnerability exclusively affects Metabase Enterprise Edition; the open-source (OSS) version of Metabase lacks the affected serialization code paths entirely. Every Metabase Enterprise version with the serialization feature enabled, dating back to at least v1.47, is considered vulnerable.
Organizations using Metabase Enterprise for business intelligence dashboards, embedded analytics, or internal data operations across any of these version ranges are at direct risk of full system compromise through privileged admin accounts.
Real-World Impact
Successful exploitation of CVE-2026-33725 grants an attacker full Remote Code Execution (RCE) on the underlying server hosting Metabase Enterprise, alongside the ability to read arbitrary files from the filesystem. In practical terms, this means attackers can:
- Exfiltrate database credentials, API keys, and configuration secrets stored on the server
- Pivot laterally into internal network infrastructure connected to the Metabase instance
- Deploy persistent backdoors, web shells, or ransomware payloads to the host system
- Read sensitive business intelligence data, analytics configurations, and embedded dashboard credentials
- Compromise Metabase Cloud-hosted environments, expanding the blast radius to SaaS tenants
The requirement for authenticated admin access places this vulnerability in the “insider threat” and “compromised credentials” threat categories, though many enterprise environments have weak admin credential hygiene or use shared admin accounts, significantly lowering the effective barrier to exploitation.
Patch and Remediation
Metabase released patches on March 24, 2026, addressing CVE-2026-33725 across all supported Enterprise branches. Security teams should prioritize the following actions immediately:
- Upgrade Metabase Enterprise to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, or 1.59.4 depending on your current release branch
- Disable the serialization import endpoint (POST /api/ee/serialization/import) as an interim workaround if immediate patching is not feasible
- Audit admin account access logs for any unexpected or unauthorized use of the serialization import API prior to patching
- Rotate all credentials stored on or accessible from the Metabase Enterprise server as a precautionary measure
- Deploy network-level controls to restrict access to the Metabase API from untrusted networks or IP ranges
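The access-log audit from the list above, as an added example that is not part of the original article: it extracts every request that reached the serialization import endpoint from reverse-proxy logs in common log format and tallies the calling addresses. The log lines are constructed samples, and the assumption is that a proxy in front of Metabase writes this format.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed access-log lines in common log format (not real Metabase logs).
SAMPLE_LOG = """\
10.0.0.5 - - [23/Mar/2026:09:58:11 +0000] "GET /api/user/current HTTP/1.1" 200 512
10.0.0.5 - - [23/Mar/2026:10:01:44 +0000] "POST /api/ee/serialization/import HTTP/1.1" 200 88
203.0.113.9 - - [23/Mar/2026:23:40:02 +0000] "POST /api/ee/serialization/import?x=1 HTTP/1.1" 200 88
203.0.113.9 - - [24/Mar/2026:00:02:19 +0000] "POST /api/ee/serialization/import/ HTTP/1.1" 500 45
10.0.0.7 - - [24/Mar/2026:08:15:00 +0000] "GET /api/ee/serialization/export HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
IMPORT_PATH = "/api/ee/serialization/import"

def parse_line(line: str):
    """One log line to a dict with a parsed timestamp, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev

def serialization_imports(log_text: str) -> list:
    """Every POST that reached the import endpoint. Query strings and trailing
    slashes are stripped so such variants do not slip past the filter."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST":
            continue
        if ev["path"].split("?", 1)[0].rstrip("/") == IMPORT_PATH:
            hits.append(ev)
    return hits

def callers(log_text: str) -> Counter:
    """Import attempts per source address; review each against expected admins."""
    return Counter(ev["ip"] for ev in serialization_imports(log_text))
```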
Organizations using QuimeraX Intelligence’s EASM platform can leverage its proactive vulnerability monitoring capabilities to detect exposed Metabase instances and receive immediate alerts if their systems are identified as vulnerable to CVE-2026-33725.
FAQ
Q1: Does CVE-2026-33725 affect the free, open-source version of Metabase?
No, CVE-2026-33725 exclusively impacts Metabase Enterprise Edition, as Metabase OSS does not contain the serialization codepaths required for exploitation.
Q2: Is authentication required to exploit CVE-2026-33725?
Yes, exploitation requires authenticated admin-level access to the Metabase Enterprise instance, though this does not reduce urgency given credential compromise risks.
Q3: Is there a workaround if patching immediately isn’t possible?
Yes, organizations can disable the POST /api/ee/serialization/import endpoint to block access to the vulnerable code path until a full patch can be applied.
Q4: Has CVE-2026-33725 been actively exploited in the wild?
A public PoC exploit is available on GitHub, significantly elevating exploitation risk, though confirmed in-the-wild attacks have not yet been officially reported as of the disclosure date.
Site: thecybrdef.com