Vulnerability-Lookup

alsa-2025:16086

Vulnerability from osv_almalinux

Published

2025-09-17 00:00

Modified

2025-09-29 08:50

Summary

Moderate: mysql security update

Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)
mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)
mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)
mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)
mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)
mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)
mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)
mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)
mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)
mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)
mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)
mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)
mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)
mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)
mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)
mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)
mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)
mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)
mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)
mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)
mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)
mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)
mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)
mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)
mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)
mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)
mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)
mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)
mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)
mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)
mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)
mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)
mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)
mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)
mysql: Replication unspecified vulnerability (CPU Jul 2025) (CVE-2025-53023)
mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)
mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)
mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)
mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)
mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)
mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:16086	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-21574	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21575	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21577	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21579	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21580	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21581	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21584	REPORT
	https://access.redhat.com/security/cve/CVE-2025-21585	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30681	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30682	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30683	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30684	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30685	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30687	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30688	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30689	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30693	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30695	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30696	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30699	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30703	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30704	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30705	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30715	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30721	REPORT
	https://access.redhat.com/security/cve/CVE-2025-30722	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50077	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50078	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50079	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50080	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50081	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50082	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50083	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50084	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50085	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50086	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50087	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50088	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50091	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50092	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50093	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50094	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50096	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50097	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50098	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50099	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50100	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50101	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50102	REPORT
	https://access.redhat.com/security/cve/CVE-2025-50104	REPORT
	https://access.redhat.com/security/cve/CVE-2025-53023	REPORT
	https://bugzilla.redhat.com/2359885	REPORT
	https://bugzilla.redhat.com/2359888	REPORT
	https://bugzilla.redhat.com/2359892	REPORT
	https://bugzilla.redhat.com/2359894	REPORT
	https://bugzilla.redhat.com/2359895	REPORT
	https://bugzilla.redhat.com/2359899	REPORT
	https://bugzilla.redhat.com/2359900	REPORT
	https://bugzilla.redhat.com/2359902	REPORT
	https://bugzilla.redhat.com/2359903	REPORT
	https://bugzilla.redhat.com/2359918	REPORT
	https://bugzilla.redhat.com/2359920	REPORT
	https://bugzilla.redhat.com/2359924	REPORT
	https://bugzilla.redhat.com/2359928	REPORT
	https://bugzilla.redhat.com/2359930	REPORT
	https://bugzilla.redhat.com/2359932	REPORT
	https://bugzilla.redhat.com/2359934	REPORT
	https://bugzilla.redhat.com/2359938	REPORT
	https://bugzilla.redhat.com/2359940	REPORT
	https://bugzilla.redhat.com/2359943	REPORT
	https://bugzilla.redhat.com/2359944	REPORT
	https://bugzilla.redhat.com/2359945	REPORT
	https://bugzilla.redhat.com/2359947	REPORT
	https://bugzilla.redhat.com/2359950	REPORT
	https://bugzilla.redhat.com/2359963	REPORT
	https://bugzilla.redhat.com/2359964	REPORT
	https://bugzilla.redhat.com/2359972	REPORT
	https://bugzilla.redhat.com/2380264	REPORT
	https://bugzilla.redhat.com/2380273	REPORT
	https://bugzilla.redhat.com/2380274	REPORT
	https://bugzilla.redhat.com/2380278	REPORT
	https://bugzilla.redhat.com/2380280	REPORT
	https://bugzilla.redhat.com/2380283	REPORT
	https://bugzilla.redhat.com/2380284	REPORT
	https://bugzilla.redhat.com/2380290	REPORT
	https://bugzilla.redhat.com/2380291	REPORT
	https://bugzilla.redhat.com/2380295	REPORT
	https://bugzilla.redhat.com/2380298	REPORT
	https://bugzilla.redhat.com/2380306	REPORT
	https://bugzilla.redhat.com/2380308	REPORT
	https://bugzilla.redhat.com/2380309	REPORT
	https://bugzilla.redhat.com/2380310	REPORT
	https://bugzilla.redhat.com/2380311	REPORT
	https://bugzilla.redhat.com/2380312	REPORT
	https://bugzilla.redhat.com/2380313	REPORT
	https://bugzilla.redhat.com/2380320	REPORT
	https://bugzilla.redhat.com/2380321	REPORT
	https://bugzilla.redhat.com/2380322	REPORT
	https://bugzilla.redhat.com/2380326	REPORT
	https://bugzilla.redhat.com/2380327	REPORT
	https://bugzilla.redhat.com/2380334	REPORT
	https://bugzilla.redhat.com/2380335	REPORT
	https://errata.almalinux.org/9/ALSA-2025-16086.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql-errmsg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mysql-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.43-1.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.  \n\nSecurity Fix(es):  \n\n  * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)\n  * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)\n  * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)\n  * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)\n  * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)\n  * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)\n  * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)\n  * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)\n  * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)\n  * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)\n  * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)\n  * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)\n  * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)\n  * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)\n  * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)\n  * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)\n  * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)\n  * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)\n  * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)\n  * mysql: Replication unspecified vulnerability (CPU Jul 2025) (CVE-2025-53023)\n  * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)\n  * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)\n  * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)\n  * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)\n  * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16086",
  "modified": "2025-09-29T08:50:56Z",
  "published": "2025-09-17T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16086"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21574"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21575"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21577"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21579"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21580"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21581"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21584"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-21585"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30681"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30682"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30683"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30684"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30685"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30687"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30688"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30689"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30693"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30695"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30696"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30699"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30703"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30704"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30705"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30715"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30721"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-30722"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50077"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50078"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50079"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50080"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50081"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50082"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50083"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50084"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50085"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50086"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50087"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50088"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50091"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50092"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50093"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50094"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50096"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50097"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50098"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50099"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50100"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50101"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50102"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-50104"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-53023"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359885"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359888"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359892"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359894"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359895"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359899"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359900"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359902"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359903"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359918"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359920"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359924"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359928"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359930"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359932"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359934"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359938"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359940"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359943"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359944"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359945"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359947"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359950"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359963"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359964"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2359972"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380264"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380273"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380274"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380278"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380280"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380283"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380306"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380310"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380311"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380321"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2380335"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-16086.html"
    }
  ],
  "related": [
    "CVE-2025-30722",
    "CVE-2025-30688",
    "CVE-2025-30699",
    "CVE-2025-30721",
    "CVE-2025-30682",
    "CVE-2025-30683",
    "CVE-2025-30715",
    "CVE-2025-21574",
    "CVE-2025-21585",
    "CVE-2025-30681",
    "CVE-2025-21577",
    "CVE-2025-30687",
    "CVE-2025-21580",
    "CVE-2025-30696",
    "CVE-2025-30705",
    "CVE-2025-21575",
    "CVE-2025-21579",
    "CVE-2025-30685",
    "CVE-2025-30704",
    "CVE-2025-21581",
    "CVE-2025-30689",
    "CVE-2025-30695",
    "CVE-2025-30703",
    "CVE-2025-30693",
    "CVE-2025-21584",
    "CVE-2025-30684",
    "CVE-2025-50092",
    "CVE-2025-50081",
    "CVE-2025-50079",
    "CVE-2025-50077",
    "CVE-2025-50078",
    "CVE-2025-50091",
    "CVE-2025-50101",
    "CVE-2025-50093",
    "CVE-2025-50099",
    "CVE-2025-50085",
    "CVE-2025-50086",
    "CVE-2025-50082",
    "CVE-2025-50097",
    "CVE-2025-50104",
    "CVE-2025-50087",
    "CVE-2025-53023",
    "CVE-2025-50080",
    "CVE-2025-50088",
    "CVE-2025-50083",
    "CVE-2025-50084",
    "CVE-2025-50100",
    "CVE-2025-50094",
    "CVE-2025-50098",
    "CVE-2025-50096",
    "CVE-2025-50102"
  ],
  "summary": "Moderate: mysql security update"
}

CVE-2025-21574 (GCVE-0-2025-21574)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Oracle Corporation	MySQL Cluster	Affected: 7.6.0 , ≤ 7.6.33 (semver) Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21574",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T14:42:20.503777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T14:44:21.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:26.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Cluster",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "7.6.33",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "7.6.33",
                  "versionStartIncluding": "7.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:49.813Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21574",
    "datePublished": "2025-04-15T20:30:49.813Z",
    "dateReserved": "2024-12-24T23:18:54.785Z",
    "dateUpdated": "2025-11-03T19:35:26.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21575 (GCVE-0-2025-21575)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Oracle Corporation	MySQL Cluster	Affected: 7.6.0 , ≤ 7.6.33 (semver) Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21575",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T14:44:39.299891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T14:45:12.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:28.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Cluster",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "7.6.33",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "7.6.33",
                  "versionStartIncluding": "7.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:53.635Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21575",
    "datePublished": "2025-04-15T20:30:53.635Z",
    "dateReserved": "2024-12-24T23:18:54.785Z",
    "dateUpdated": "2025-11-03T19:35:28.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21577 (GCVE-0-2025-21577)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T14:52:46.460801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T14:53:11.380Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:29.736Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:54.409Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21577",
    "datePublished": "2025-04-15T20:30:54.409Z",
    "dateReserved": "2024-12-24T23:18:54.785Z",
    "dateUpdated": "2025-11-03T19:35:29.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21579 (GCVE-0-2025-21579)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:31:04.350230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:31:09.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:31.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:55.145Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21579",
    "datePublished": "2025-04-15T20:30:55.145Z",
    "dateReserved": "2024-12-24T23:18:54.785Z",
    "dateUpdated": "2025-11-03T19:35:31.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21580 (GCVE-0-2025-21580)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21580",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:29:21.439578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:29:26.068Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:32.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:55.550Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21580",
    "datePublished": "2025-04-15T20:30:55.550Z",
    "dateReserved": "2024-12-24T23:18:54.785Z",
    "dateUpdated": "2025-11-03T19:35:32.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21581 (GCVE-0-2025-21581)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21581",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:17:33.336061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:18:18.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:33.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:55.907Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21581",
    "datePublished": "2025-04-15T20:30:55.907Z",
    "dateReserved": "2024-12-24T23:18:54.785Z",
    "dateUpdated": "2025-11-03T19:35:33.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21584 (GCVE-0-2025-21584)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21584",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T19:48:18.246692Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T19:48:24.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:35.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:56.964Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21584",
    "datePublished": "2025-04-15T20:30:56.964Z",
    "dateReserved": "2024-12-24T23:18:54.786Z",
    "dateUpdated": "2025-11-03T19:35:35.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21585 (GCVE-0-2025-21585)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:35

Summary

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21585",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T19:47:49.033556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T19:47:52.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:36.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:57.314Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21585",
    "datePublished": "2025-04-15T20:30:57.314Z",
    "dateReserved": "2024-12-24T23:18:54.786Z",
    "dateUpdated": "2025-11-03T19:35:36.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30681 (GCVE-0-2025-30681)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:47

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Severity ?

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Oracle Corporation	MySQL Cluster	Affected: 7.6.0 , ≤ 7.6.33 (semver) Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30681",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T14:50:39.399359Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T14:50:58.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:47:24.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Cluster",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "7.6.33",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "7.6.33",
                  "versionStartIncluding": "7.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:58.728Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30681",
    "datePublished": "2025-04-15T20:30:58.728Z",
    "dateReserved": "2025-03-25T20:11:18.261Z",
    "dateUpdated": "2025-11-03T19:47:24.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30682 (GCVE-0-2025-30682)

Vulnerability from cvelistv5 – Published: 2025-04-15 20:30 – Updated: 2025-11-03 19:47

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2025.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.41 (semver) Affected: 8.4.0 , ≤ 8.4.4 (semver) Affected: 9.0.0 , ≤ 9.2.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30682",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T19:16:35.370665Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T19:16:43.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:47:25.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:59.091Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30682",
    "datePublished": "2025-04-15T20:30:59.091Z",
    "dateReserved": "2025-03-25T20:11:18.261Z",
    "dateUpdated": "2025-11-03T19:47:25.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2025:16086

Vulnerability from osv_almalinux

CVE-2025-21574 (GCVE-0-2025-21574)

CVE-2025-21575 (GCVE-0-2025-21575)

CVE-2025-21577 (GCVE-0-2025-21577)

CVE-2025-21579 (GCVE-0-2025-21579)

CVE-2025-21580 (GCVE-0-2025-21580)

CVE-2025-21581 (GCVE-0-2025-21581)

CVE-2025-21584 (GCVE-0-2025-21584)

CVE-2025-21585 (GCVE-0-2025-21585)

CVE-2025-30681 (GCVE-0-2025-30681)

CVE-2025-30682 (GCVE-0-2025-30682)

Tags

Sightings

Nomenclature