CVE-2025-30722

Summary

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).

Affected Software

VendorProductVersion RangeStatus
Oracle CorporationMySQL Cluster7.6.0 <= 7.6.33affected
Oracle CorporationMySQL Cluster8.0.0 <= 8.0.41affected
Oracle CorporationMySQL Cluster8.4.0 <= 8.4.4affected
Oracle CorporationMySQL Cluster9.0.0 <= 9.2.0affected
Oracle CorporationMySQL Client8.0.0 <= 8.0.41affected
Oracle CorporationMySQL Client8.4.0 <= 8.4.4affected
Oracle CorporationMySQL Client9.0.0 <= 9.2.0affected

Weaknesses

  • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References