← Back

CVE-2025-30703

nvd nist
Published: Apr 15, 2025Modified: Nov 3, 2025

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Exploitability: 1.2 / Impact: 1.4
Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Affected (3)

Products: Oracle: Mysql Server
Oracle
1 product
Mysql Server
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Mysql Server
From 8.0.0 to 8.0.41
Mysql Server
From 8.4.0 to 8.4.4
Mysql Server
From 9.0.0 to 9.2.0

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: secalert_us@oracle.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.