Bug#1103385: mysql-8.0: CVE-2025-30722 CVE-2025-30721 CVE-2025-30715 CV

    From Moritz Mühlenhoff@21:1/5 to All on Wed Apr 16 22:10:01 2025
    Source: mysql-8.0
    X-Debbugs-CC: team@security.debian.org
    Severity: grave
    Tags: security

    Hi,

    The following vulnerabilities were published for mysql-8.0.

    CVE-2025-30722[0]:
    | Vulnerability in the MySQL Client product of Oracle MySQL
    | (component: Client: mysqldump). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult
    | to exploit vulnerability allows low privileged attacker with network
    | access via multiple protocols to compromise MySQL Client.
    | Successful attacks of this vulnerability can result in unauthorized
    | access to critical data or complete access to all MySQL Client
    | accessible data as well as unauthorized update, insert or delete
    | access to some of MySQL Client accessible data. CVSS 3.1 Base Score
    | 5.9 (Confidentiality and Integrity impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).


    CVE-2025-30721[1]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: UDF). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit
    | vulnerability allows high privileged attacker with logon to the
    | infrastructure where MySQL Server executes to compromise MySQL
    | Server. Successful attacks require human interaction from a person
    | other than the attacker. Successful attacks of this vulnerability
    | can result in unauthorized ability to cause a hang or frequently
    | repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score
    | 4.0 (Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).


    CVE-2025-30715[2]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Components Services). Supported versions that
    | are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30705[3]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: PS). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
    | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30704[4]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Components Services). Supported versions that
    | are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0.
    | Difficult to exploit vulnerability allows high privileged attacker
    | with network access via multiple protocols to compromise MySQL
    | Server. Successful attacks of this vulnerability can result in
    | unauthorized ability to cause a hang or frequently repeatable crash
    | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4
    | (Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30703[5]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: InnoDB). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized update,
    | insert or delete access to some of MySQL Server accessible data.
    | CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).


    CVE-2025-30699[6]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Stored Procedure). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30696[7]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: PS). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
    | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30695[8]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: InnoDB). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server as well as unauthorized update, insert or delete access to
    | some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
    | (Integrity and Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


    CVE-2025-30693[9]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: InnoDB). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server as well as unauthorized update, insert or delete access to
    | some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
    | (Integrity and Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


    CVE-2025-30689[10]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Optimizer). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30688[11]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Optimizer). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows low privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30687[12]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Optimizer). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows low privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30685[13]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Replication). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30684[14]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Replication). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30683[15]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Replication). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30682[16]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Optimizer). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows low privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-30681[17]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Replication). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a partial denial of service (partial DOS) of MySQL
    | Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS
    | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).


    CVE-2025-21585[18]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Optimizer). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21584[19]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: DDL). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
    | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21581[20]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Optimizer). Supported versions that are
    | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily
    | exploitable vulnerability allows high privileged attacker with
    | network access via multiple protocols to compromise MySQL Server.
    | Successful attacks of this vulnerability can result in unauthorized
    | ability to cause a hang or frequently repeatable crash (complete
    | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    | impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21580[21]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: DML). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
    | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21579[22]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Options). Supported versions that are affected
    | are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows high privileged attacker with network access
    | via multiple protocols to compromise MySQL Server. Successful
    | attacks of this vulnerability can result in unauthorized ability to
    | cause a hang or frequently repeatable crash (complete DOS) of MySQL
    | Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
    | Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21577[23]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: InnoDB). Supported versions that are affected are
    | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows low privileged attacker with network access via
    | multiple protocols to compromise MySQL Server. Successful attacks
    | of this vulnerability can result in unauthorized ability to cause a
    | hang or frequently repeatable crash (complete DOS) of MySQL Server.
    | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21575[24]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Parser). Supported versions that are affected
    | are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows low privileged attacker with network access via
    | multiple protocols to compromise MySQL Server. Successful attacks
    | of this vulnerability can result in unauthorized ability to cause a
    | hang or frequently repeatable crash (complete DOS) of MySQL Server.
    | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


    CVE-2025-21574[25]:
    | Vulnerability in the MySQL Server product of Oracle MySQL
    | (component: Server: Parser). Supported versions that are affected
    | are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
    | vulnerability allows low privileged attacker with network access via
    | multiple protocols to compromise MySQL Server. Successful attacks
    | of this vulnerability can result in unauthorized ability to cause a
    | hang or frequently repeatable crash (complete DOS) of MySQL Server.
    | CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
    | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


    If you fix the vulnerabilities please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-30722
    https://www.cve.org/CVERecord?id=CVE-2025-30722
    [1] https://security-tracker.debian.org/tracker/CVE-2025-30721
    https://www.cve.org/CVERecord?id=CVE-2025-30721
    [2] https://security-tracker.debian.org/tracker/CVE-2025-30715
    https://www.cve.org/CVERecord?id=CVE-2025-30715
    [3] https://security-tracker.debian.org/tracker/CVE-2025-30705
    https://www.cve.org/CVERecord?id=CVE-2025-30705
    [4] https://security-tracker.debian.org/tracker/CVE-2025-30704
    https://www.cve.org/CVERecord?id=CVE-2025-30704
    [5] https://security-tracker.debian.org/tracker/CVE-2025-30703
    https://www.cve.org/CVERecord?id=CVE-2025-30703
    [6] https://security-tracker.debian.org/tracker/CVE-2025-30699
    https://www.cve.org/CVERecord?id=CVE-2025-30699
    [7] https://security-tracker.debian.org/tracker/CVE-2025-30696
    https://www.cve.org/CVERecord?id=CVE-2025-30696
    [8] https://security-tracker.debian.org/tracker/CVE-2025-30695
    https://www.cve.org/CVERecord?id=CVE-2025-30695
    [9] https://security-tracker.debian.org/tracker/CVE-2025-30693
    https://www.cve.org/CVERecord?id=CVE-2025-30693
    [10] https://security-tracker.debian.org/tracker/CVE-2025-30689
    https://www.cve.org/CVERecord?id=CVE-2025-30689
    [11] https://security-tracker.debian.org/tracker/CVE-2025-30688
    https://www.cve.org/CVERecord?id=CVE-2025-30688
    [12] https://security-tracker.debian.org/tracker/CVE-2025-30687
    https://www.cve.org/CVERecord?id=CVE-2025-30687
    [13] https://security-tracker.debian.org/tracker/CVE-2025-30685
    https://www.cve.org/CVERecord?id=CVE-2025-30685
    [14] https://security-tracker.debian.org/tracker/CVE-2025-30684
    https://www.cve.org/CVERecord?id=CVE-2025-30684
    [15] https://security-tracker.debian.org/tracker/CVE-2025-30683
    https://www.cve.org/CVERecord?id=CVE-2025-30683
    [16] https://security-tracker.debian.org/tracker/CVE-2025-30682
    https://www.cve.org/CVERecord?id=CVE-2025-30682
    [17] https://security-tracker.debian.org/tracker/CVE-2025-30681
    https://www.cve.org/CVERecord?id=CVE-2025-30681
    [18] https://security-tracker.debian.org/tracker/CVE-2025-21585
    https://www.cve.org/CVERecord?id=CVE-2025-21585
    [19] https://security-tracker.debian.org/tracker/CVE-2025-21584
    https://www.cve.org/CVERecord?id=CVE-2025-21584
    [20] https://security-tracker.debian.org/tracker/CVE-2025-21581
    https://www.cve.org/CVERecord?id=CVE-2025-21581
    [21] https://security-tracker.debian.org/tracker/CVE-2025-21580
    https://www.cve.org/CVERecord?id=CVE-2025-21580
    [22] https://security-tracker.debian.org/tracker/CVE-2025-21579
    https://www.cve.org/CVERecord?id=CVE-2025-21579
    [23] https://security-tracker.debian.org/tracker/CVE-2025-21577
    https://www.cve.org/CVERecord?id=CVE-2025-21577
    [24] https://security-tracker.debian.org/tracker/CVE-2025-21575
    https://www.cve.org/CVERecord?id=CVE-2025-21575
    [25] https://security-tracker.debian.org/tracker/CVE-2025-21574
    https://www.cve.org/CVERecord?id=CVE-2025-21574

    Please adjust the affected versions in the BTS as needed.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)