Oracle MySQL Cluster/MySQL Client up to 7.6.33/8.0.41/8.4.4/9.2.0 Mysqldump information disclosure

Summaryinfo

A vulnerability was found in Oracle MySQL Cluster and MySQL Client up to 7.6.33/8.0.41/8.4.4/9.2.0 and classified as problematic. The affected element is an unknown function of the component Mysqldump. Executing a manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2025-30722. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Oracle MySQL Cluster and MySQL Client up to 7.6.33/8.0.41/8.4.4/9.2.0. It has been declared as problematic. This vulnerability affects an unknown code of the component Mysqldump. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).

The advisory is available at oracle.com. This vulnerability was named CVE-2025-30722 since 03/25/2025. The exploitation appears to be difficult. The attack can be initiated remotely. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

The vulnerability scanner Nessus provides a plugin with the ID 235352 (MariaDB 11.4.0 < 11.4.6 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at Tenable (235352) and CERT Bund (WID-SEC-2025-1850). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Affected

• Xerox FreeFlow Print Server

Productinfo

Type

• Database Software

Vendor

• Oracle

Name

• MySQL Client
• MySQL Cluster

Version

• 7.6.0
• 7.6.1
• 7.6.2
• 7.6.3
• 7.6.4
• 7.6.5
• 7.6.6
• 7.6.7
• 7.6.8
• 7.6.9
• 7.6.10
• 7.6.11
• 7.6.12
• 7.6.13
• 7.6.14
• 7.6.15
• 7.6.16
• 7.6.17
• 7.6.18
• 7.6.19
• 7.6.20
• 7.6.21
• 7.6.22
• 7.6.23
• 7.6.24
• 7.6.25
• 7.6.26
• 7.6.27
• 7.6.28
• 7.6.29
• 7.6.30
• 7.6.31
• 7.6.32
• 7.6.33
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 8.0.9
• 8.0.10
• 8.0.11
• 8.0.12
• 8.0.13
• 8.0.14
• 8.0.15
• 8.0.16
• 8.0.17
• 8.0.18
• 8.0.19
• 8.0.20
• 8.0.21
• 8.0.22
• 8.0.23
• 8.0.24
• 8.0.25
• 8.0.26
• 8.0.27
• 8.0.28
• 8.0.29
• 8.0.30
• 8.0.31
• 8.0.32
• 8.0.33
• 8.0.34
• 8.0.35
• 8.0.36
• 8.0.37
• 8.0.38
• 8.0.39
• 8.0.40
• 8.0.41
• 8.4.0
• 8.4.1
• 8.4.2
• 8.4.3
• 8.4.4
• 9.0
• 9.1
• 9.2.0

License

• open-source

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion