A proof-of-concept exploit for CVE-2026-33725, a Remote Code Execution and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import in Metabase.
- Metabase Enterprise ≥ v1.47 and < v1.54.22
- Metabase Enterprise ≥ v1.54.0 and < v1.54.22
- Metabase Enterprise ≥ v1.55.0 and < v1.55.22
- Metabase Enterprise ≥ v1.56.0 and < v1.56.22
- Metabase Enterprise ≥ v1.57.0 and < v1.57.16
- Metabase Enterprise ≥ v1.58.0 and < v1.58.10
- Metabase Enterprise ≥ v1.59.0 and < v1.59.4
This tool is for educational and research purposes only. Use it only on systems you own or have explicit permission to test. The author is not responsible for any misuse or damage caused by this program.
QuimeraX Intelligence is an advanced EASM and Cyber Threat Intelligence platform specializing in identifying critical vulnerabilities in complex systems. The platform proactively monitors, detects, and alerts clients about security threats, ensuring transparency and rapid response to potential risks. Clients receive immediate notifications and comprehensive reports if their systems are found vulnerable, enabling them to take protective action. learn more
Hakai Security is a cybersecurity company founded by security professionals, committed to technical excellence. We offer tailored security solutions including advanced penetration testing, realistic Red Team simulations, and secure development practices to proactively protect our clients' assets from evolving cyber threats.