Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for mysql-8.0. CVE-2025-30722[0]: | Vulnerability in the MySQL Client product of Oracle MySQL | (component: Client: mysqldump). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult | to exploit vulnerability allows low privileged attacker with network | access via multiple protocols to compromise MySQL Client. | Successful attacks of this vulnerability can result in unauthorized | access to critical data or complete access to all MySQL Client | accessible data as well as unauthorized update, insert or delete | access to some of MySQL Client accessible data. CVSS 3.1 Base Score | 5.9 (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N). CVE-2025-30721[1]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: UDF). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit | vulnerability allows high privileged attacker with logon to the | infrastructure where MySQL Server executes to compromise MySQL | Server. Successful attacks require human interaction from a person | other than the attacker. Successful attacks of this vulnerability | can result in unauthorized ability to cause a hang or frequently | repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score | 4.0 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H). CVE-2025-30715[2]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Components Services). Supported versions that | are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30705[3]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: PS). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30704[4]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Components Services). Supported versions that | are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. | Difficult to exploit vulnerability allows high privileged attacker | with network access via multiple protocols to compromise MySQL | Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30703[5]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized update, | insert or delete access to some of MySQL Server accessible data. | CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). CVE-2025-30699[6]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Stored Procedure). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30696[7]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: PS). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30695[8]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server as well as unauthorized update, insert or delete access to | some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 | (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2025-30693[9]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server as well as unauthorized update, insert or delete access to | some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 | (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2025-30689[10]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30688[11]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30687[12]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30685[13]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Replication). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30684[14]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Replication). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30683[15]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Replication). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30682[16]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-30681[17]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Replication). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a partial denial of service (partial DOS) of MySQL | Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). CVE-2025-21585[18]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21584[19]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: DDL). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21581[20]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21580[21]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: DML). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21579[22]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Options). Supported versions that are affected | are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21577[23]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows low privileged attacker with network access via | multiple protocols to compromise MySQL Server. Successful attacks | of this vulnerability can result in unauthorized ability to cause a | hang or frequently repeatable crash (complete DOS) of MySQL Server. | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21575[24]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Parser). Supported versions that are affected | are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows low privileged attacker with network access via | multiple protocols to compromise MySQL Server. Successful attacks | of this vulnerability can result in unauthorized ability to cause a | hang or frequently repeatable crash (complete DOS) of MySQL Server. | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21574[25]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Parser). Supported versions that are affected | are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows low privileged attacker with network access via | multiple protocols to compromise MySQL Server. Successful attacks | of this vulnerability can result in unauthorized ability to cause a | hang or frequently repeatable crash (complete DOS) of MySQL Server. | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-30722 https://www.cve.org/CVERecord?id=CVE-2025-30722 [1] https://security-tracker.debian.org/tracker/CVE-2025-30721 https://www.cve.org/CVERecord?id=CVE-2025-30721 [2] https://security-tracker.debian.org/tracker/CVE-2025-30715 https://www.cve.org/CVERecord?id=CVE-2025-30715 [3] https://security-tracker.debian.org/tracker/CVE-2025-30705 https://www.cve.org/CVERecord?id=CVE-2025-30705 [4] https://security-tracker.debian.org/tracker/CVE-2025-30704 https://www.cve.org/CVERecord?id=CVE-2025-30704 [5] https://security-tracker.debian.org/tracker/CVE-2025-30703 https://www.cve.org/CVERecord?id=CVE-2025-30703 [6] https://security-tracker.debian.org/tracker/CVE-2025-30699 https://www.cve.org/CVERecord?id=CVE-2025-30699 [7] https://security-tracker.debian.org/tracker/CVE-2025-30696 https://www.cve.org/CVERecord?id=CVE-2025-30696 [8] https://security-tracker.debian.org/tracker/CVE-2025-30695 https://www.cve.org/CVERecord?id=CVE-2025-30695 [9] https://security-tracker.debian.org/tracker/CVE-2025-30693 https://www.cve.org/CVERecord?id=CVE-2025-30693 [10] https://security-tracker.debian.org/tracker/CVE-2025-30689 https://www.cve.org/CVERecord?id=CVE-2025-30689 [11] https://security-tracker.debian.org/tracker/CVE-2025-30688 https://www.cve.org/CVERecord?id=CVE-2025-30688 [12] https://security-tracker.debian.org/tracker/CVE-2025-30687 https://www.cve.org/CVERecord?id=CVE-2025-30687 [13] https://security-tracker.debian.org/tracker/CVE-2025-30685 https://www.cve.org/CVERecord?id=CVE-2025-30685 [14] https://security-tracker.debian.org/tracker/CVE-2025-30684 https://www.cve.org/CVERecord?id=CVE-2025-30684 [15] https://security-tracker.debian.org/tracker/CVE-2025-30683 https://www.cve.org/CVERecord?id=CVE-2025-30683 [16] https://security-tracker.debian.org/tracker/CVE-2025-30682 https://www.cve.org/CVERecord?id=CVE-2025-30682 [17] https://security-tracker.debian.org/tracker/CVE-2025-30681 https://www.cve.org/CVERecord?id=CVE-2025-30681 [18] https://security-tracker.debian.org/tracker/CVE-2025-21585 https://www.cve.org/CVERecord?id=CVE-2025-21585 [19] https://security-tracker.debian.org/tracker/CVE-2025-21584 https://www.cve.org/CVERecord?id=CVE-2025-21584 [20] https://security-tracker.debian.org/tracker/CVE-2025-21581 https://www.cve.org/CVERecord?id=CVE-2025-21581 [21] https://security-tracker.debian.org/tracker/CVE-2025-21580 https://www.cve.org/CVERecord?id=CVE-2025-21580 [22] https://security-tracker.debian.org/tracker/CVE-2025-21579 https://www.cve.org/CVERecord?id=CVE-2025-21579 [23] https://security-tracker.debian.org/tracker/CVE-2025-21577 https://www.cve.org/CVERecord?id=CVE-2025-21577 [24] https://security-tracker.debian.org/tracker/CVE-2025-21575 https://www.cve.org/CVERecord?id=CVE-2025-21575 [25] https://security-tracker.debian.org/tracker/CVE-2025-21574 https://www.cve.org/CVERecord?id=CVE-2025-21574 Please adjust the affected versions in the BTS as needed.
