CVE-2025-30693

Published: Apr 15, 2025Modified: Nov 3, 2025

5.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Exploitability: 1.2 / Impact: 4.2

Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Affected (7)

Products: Oracle: Mysql Cluster, Mysql Server

Oracle

2 products

Mysql Cluster

Mysql Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql Cluster	From 7.6.0 to 7.6.33
Oracle Mysql Cluster	From 8.0.0 to 8.0.41
Oracle Mysql Cluster	From 8.4.0 to 8.4.4
Oracle Mysql Cluster	From 9.0.0 to 9.2.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql Server	From 8.0.0 to 8.0.41
Oracle Mysql Server	From 8.4.0 to 8.4.4
Oracle Mysql Server	From 9.0.0 to 9.2.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://www.oracle.com/security-alerts/cpuapr2025.html

Source: secalert_us@oracle.com

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2025/06/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20250502-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.