CVE-2025-30722

Name	CVE-2025-30722
Description	Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1103385

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mariadb (PTS)	bookworm	1:10.11.11-0+deb12u1	vulnerable
	trixie, sid	1:11.8.1-4	vulnerable
mariadb-10.5 (PTS)	bullseye	1:10.5.23-0+deb11u1	vulnerable
	bullseye (security)	1:10.5.28-0+deb11u2	vulnerable
mysql-8.0 (PTS)	sid	8.0.42-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
mariadb	source	(unstable)	(unfixed)
mariadb-10.5	source	(unstable)	(unfixed)
mysql-8.0	source	(unstable)	8.0.42-1	1103385

https://mariadb.com/kb/en/security/