MySQL Server Vulnerability in Oracle’s Database Management System
CVE-2025-30687

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Server
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-30687?

A vulnerability exists within Oracle's MySQL Server that allows a low-privileged attacker with network access via various protocols to exploit the system. This vulnerability can lead to unauthorized attacks, enabling the attacker to hang or frequently crash the MySQL Server, resulting in denial of service conditions. Affected versions include MySQL Server 8.0.0 to 8.0.41, 8.4.0 to 8.4.4, and 9.0.0 to 9.2.0, highlighting the critical need for security updates.

Affected Version(s)

MySQL Server 8.0.0 <= 8.0.41

MySQL Server 8.4.0 <= 8.4.4

MySQL Server 9.0.0 <= 9.2.0

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025