{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update to MySQL 8.0.42\n- CVEs fixed:\n CVE-2025-21574 CVE-2025-21577 CVE-2025-21579 CVE-2025-21581 CVE-2025-21584\n CVE-2025-21585 CVE-2025-30681 CVE-2025-30682 CVE-2025-30683 CVE-2025-30684\n CVE-2025-30688 CVE-2025-30689 CVE-2025-30695 CVE-2025-30703 CVE-2025-30705\n CVE-2025-30710 CVE-2025-30715 CVE-2025-30721 CVE-2025-30722 CVE-2025-21575\n CVE-2025-30687 CVE-2025-30685 CVE-2025-21580 CVE-2025-30693 CVE-2025-30704\n CVE-2025-30696 CVE-2025-30699", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1751461369.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "tracking": { "current_release_date": "2026-02-16T09:27:40Z", "generator": { "date": "2026-02-16T09:27:40Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1751461369", "initial_release_date": "2025-07-02T13:06:05Z", "revision_history": [ { "date": "2025-07-02T13:06:05Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-16T09:27:40Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "mysql: Fix of 27 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-test@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-errmsg@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-server@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-libs@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-common@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-devel@8.0.42-1.el9_2.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-30681", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30681" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-30705", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30705" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30688", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30688" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30722", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30722" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2025.html", "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/06/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00005.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250418-0005/", "url": "https://security.netapp.com/advisory/ntap-20250418-0005/" } ], "release_date": "2025-04-15T21:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30703", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30703" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-30689", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30689" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30693", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30693" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30721", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30721" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30685", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30685" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30715", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30715" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21579", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21579" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30683", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30683" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30710", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30710" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2025.html", "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" } ], "release_date": "2025-04-15T21:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30682", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30682" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30687", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30687" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30704", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30704" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30695", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30695" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21584", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21584" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21581", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21581" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21574", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21574" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21575", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21575" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30699", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30699" } ], "release_date": "2025-04-15T20:31:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21577", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21577" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21585", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21585" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21580", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21580" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-30684", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-30684" } ], "release_date": "2025-04-15T20:30:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-02T13:02:51Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751461369" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.42-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.42-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }