[debian-mysql] Bug#1105976: mariadb: CVE-2025-30722 CVE-2025-30693
Salvatore Bonaccorso
carnil at debian.org
Sun May 18 12:04:33 BST 2025
Source: mariadb
Version: 1:11.8.1-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for mariadb.
CVE-2025-30722[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump). Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult
| to exploit vulnerability allows low privileged attacker with network
| access via multiple protocols to compromise MySQL Client.
| Successful attacks of this vulnerability can result in unauthorized
| access to critical data or complete access to all MySQL Client
| accessible data as well as unauthorized update, insert or delete
| access to some of MySQL Client accessible data. CVSS 3.1 Base Score
| 5.9 (Confidentiality and Integrity impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
CVE-2025-30693[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-30722
https://www.cve.org/CVERecord?id=CVE-2025-30722
[1] https://security-tracker.debian.org/tracker/CVE-2025-30693
https://www.cve.org/CVERecord?id=CVE-2025-30693
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-mysql-maint
mailing list