CVE-2025-30695: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) affecting versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. The vulnerability was discovered and disclosed on April 15, 2025, and allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H. The attack requires high privileges but is considered easily exploitable with low attack complexity and no user interaction required (Oracle CPU).

Successful exploitation can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (NVD).

Oracle has released patches for affected versions through their April 2025 Critical Patch Update. Users are strongly advised to apply these security patches as soon as possible. The patches are available for MySQL Server versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0 (Oracle CPU).