CVE-2025-30721 | THREATINT

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).

PUBLISHED Reserved 2025-03-25 | Published 2025-04-15 | Updated 2025-04-17 | Assigner oracle

MEDIUM: 4.0CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Problem types

Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Product status

8.0.0 (semver)

affected

8.4.0 (semver)

affected

9.0.0 (semver)

affected

References

www.oracle.com/security-alerts/cpuapr2025.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2025-30721)

nvd.nist.gov (CVE-2025-30721)

Download JSON