CVE-2025-30706

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuapr2025.html	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20250418-0007/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-15 21:16

Updated : 2025-04-21 19:27

NVD link : CVE-2025-30706

Mitre link : CVE-2025-30706

CVE.ORG link : CVE-2025-30706

JSON object : View

Products Affected

oracle

mysql_connectors

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2025-30706", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-04-15T21:16:00.043", "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2025.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20250418-0007/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles afectadas son 9.0.0-9.2.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Connectors. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de MySQL Connectors. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2025-04-21T19:27:55.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A6A10E-39E1-4471-92CD-495AD72BCA09", "versionEndIncluding": "9.2.0", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}