CVE-2025-30693: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in the MySQL Server product of Oracle MySQL (component: InnoDB). The affected versions include MySQL Server versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. This vulnerability was disclosed on April 15, 2025, and received a CVSS 3.1 Base Score of 5.5 (Oracle CPU).

The vulnerability allows high privileged attackers with network access via multiple protocols to compromise MySQL Server. The CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) indicates that the attack requires network access, has low attack complexity, requires high privileges, and needs no user interaction. The vulnerability has been classified with CWE-284 (Improper Access Control) (NVD Database).

Successful exploitation of this vulnerability can result in two primary impacts: unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, and unauthorized update, insert or delete access to some of MySQL Server accessible data (NVD Database).

Oracle has released security patches as part of its Critical Patch Update (CPU) for April 2025. Users are strongly advised to update to the patched versions of MySQL Server. Oracle recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay (Oracle CPU).