CVE-2025-30722
Description
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
How to fix CVE-2025-30722
To remediate CVE-2025-30722, upgrade the affected package to a fixed version below.
- upgrade to 10.5.29 or later
- upgrade to 11.4.7 or later
- upgrade to 10.6.22 or later
- upgrade to 1:10.11.13-0+deb12u1 or later
- upgrade to 1:10.5.29-0+deb11u1 or later
Is CVE-2025-30722 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 10.5.29; >= 10.6.0, < 10.6.22; >= 10.7.0, < 11.4.6; >= 11.5.0, < 11.8.2
- from 0, < 11.4.7; >= 11.5.0, < 11.8.2
- from 0, < 10.6.22; >= 10.7.0, < 11.4.6; >= 11.5.0, < 11.8.2
- from 0, < 1:10.11.13-0+deb12u1
- from 0, < 1:10.5.29-0+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |