CVE-2025-30721: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in Oracle MySQL Server's User Defined Function (UDF) component, tracked as CVE-2025-30721. The vulnerability affects MySQL Server versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. This security issue was disclosed on April 15, 2025, as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.0, indicating a moderate severity level. The CVSS vector string is CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H, which indicates that exploitation requires local access, high attack complexity, high privileges, and user interaction. The vulnerability affects only availability, with no impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The impact is limited to availability, with no compromise of data confidentiality or integrity (Oracle CPU).

Oracle has released patches for the affected versions as part of its April 2025 Critical Patch Update. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible (Oracle CPU).