CVE-2025-30683

EUVD-2025-11066

15.04.2025, 21:15

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
oracle	CNA	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
oracle	mysql_server	8.0.0 ≤ 𝑥 ≤ 8.0.41
oracle	mysql_server	8.4.0 ≤ 𝑥 ≤ 8.4.4
oracle	mysql_server	9.0.0 ≤ 𝑥 ≤ 9.2.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
oracle	mysql	8.0.0 ≤ 𝑥 ≤ 8.0.41	CNA
oracle	mysql	8.4.0 ≤ 𝑥 ≤ 8.4.4	CNA
oracle	mysql	9.0.0 ≤ 𝑥 ≤ 9.2.0	CNA

Ubuntu Releases

Ubuntu Product

Codename

mysql-5.7

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
xenial	ignored

mysql-5.5

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
trusty	ignored

mysql-8.4

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	Fixed 8.4.5-0ubuntu0.1 released
questing	Fixed 8.4.5-0ubuntu1 released
resolute	Fixed 8.4.5-0ubuntu1 released

mariadb

focal	dne
jammy	dne
noble	not-affected
oracular	ignored
plucky	not-affected
questing	not-affected
resolute	not-affected

mariadb-10.0

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
xenial	not-affected

mariadb-10.1

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne

mariadb-10.3

focal	ignored
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne

mariadb-10.6

focal	dne
jammy	not-affected
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne

percona-server-5.6

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
xenial	ignored

percona-xtradb-cluster-5.6

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
xenial	ignored

mysql-8.0

focal	Fixed 8.0.42-0ubuntu0.20.04.1 released
jammy	Fixed 8.0.42-0ubuntu0.22.04.1 released
noble	Fixed 8.0.42-0ubuntu0.24.04.1 released
oracular	Fixed 8.0.42-0ubuntu0.24.10.1 released
plucky	dne
questing	dne
resolute	dne

Red Hat Enterprise Linux Releases

Red Hat Product

Release

mysql

RHEL 9

0:8.0.43-1.el9_6

fixed

mysql-common

RHEL 9

0:8.0.43-1.el9_6

fixed

mysql-devel

RHEL 9

0:8.0.43-1.el9_6

fixed

mysql-errmsg

RHEL 9

0:8.0.43-1.el9_6

fixed

mysql-libs

RHEL 9

0:8.0.43-1.el9_6

fixed

mysql-server

RHEL 9

0:8.0.43-1.el9_6

fixed

mysql-test

RHEL 9

0:8.0.43-1.el9_6

fixed

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://www.oracle.com/security-alerts/cpuapr2025.html

https://security.netapp.com/advisory/ntap-20250502-0006/