← Back

CVE-2025-30706

nvd nist
Published: Apr 15, 2025Modified: Apr 21, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

Affected (1)

Oracle
1 product
Mysql Connectors
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Mysql Connectors
From 9.0.0 to 9.2.0

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

Source: secalert_us@oracle.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.