CVE-2025-30685: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in Oracle MySQL Server's Replication component (CVE-2025-30685). The affected versions include MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. This vulnerability was disclosed on April 15, 2025, as part of Oracle's Critical Patch Update (Oracle CPU, NVD).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. It has been assigned a CVSS 3.1 Base Score of 4.9, indicating a medium severity level. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, which indicates network accessibility, low attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of MySQL Server. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

Oracle has released patches for this vulnerability as part of its April 2025 Critical Patch Update. Users are strongly advised to update to the latest patched versions of MySQL Server. The patches are available through the official Oracle support channels (Oracle CPU).