CVE-2025-30693

Published Apr 15, 2025

Last updated 4 months ago

CVSS medium 5.5

Overview

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Source: secalert_us@oracle.com
NVD status: Modified
Products: mysql_cluster, mysql_server

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.5
Impact score: 4.2
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1FD1C5C2-5266-48D9-AA5F-DD04C98E4E23",
            "versionEndIncluding": "7.6.33",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6EA1092F-209F-41DC-A011-2AF17242F1E1",
            "versionEndIncluding": "8.0.41",
            "versionStartIncluding": "8.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "887D4DDD-E634-4442-9FC3-05B9FBDD161E",
            "versionEndIncluding": "8.4.4",
            "versionStartIncluding": "8.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "14F46F26-AAE0-42DD-BEC2-6CB05F297A76",
            "versionEndIncluding": "9.2.0",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BC7FEA08-A23D-4037-BBDB-C7FC6B533D0F",
            "versionEndIncluding": "8.0.41",
            "versionStartIncluding": "8.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3787EB95-8CCD-4905-B247-DC09A0D30899",
            "versionEndIncluding": "8.4.4",
            "versionStartIncluding": "8.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B0FBFCEC-D8B3-4364-9594-BF11D7A8322C",
            "versionEndIncluding": "9.2.0",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References