CVE-2025-30706

EUVD-2025-11044

15.04.2025, 21:16

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
oracle	CNA	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Affected Products (NVD)

Vendor	Product	Version
oracle	mysql_connectors	9.0.0 ≤ 𝑥 ≤ 9.2.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mysql-connector-java

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References

https://www.oracle.com/security-alerts/cpuapr2025.html

https://security.netapp.com/advisory/ntap-20250418-0007/