openEuler update for mysql



Risk Medium
Patch available YES
Number of vulnerabilities 27
CVE-ID CVE-2025-21574
CVE-2025-21575
CVE-2025-21577
CVE-2025-21579
CVE-2025-21580
CVE-2025-21581
CVE-2025-21584
CVE-2025-21585
CVE-2025-30681
CVE-2025-30682
CVE-2025-30683
CVE-2025-30684
CVE-2025-30685
CVE-2025-30687
CVE-2025-30688
CVE-2025-30689
CVE-2025-30693
CVE-2025-30695
CVE-2025-30696
CVE-2025-30699
CVE-2025-30703
CVE-2025-30704
CVE-2025-30705
CVE-2025-30710
CVE-2025-30715
CVE-2025-30721
CVE-2025-30722
CWE-ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

mysql-test
Operating systems & Components / Operating system package or component

mysql-server
Operating systems & Components / Operating system package or component

mysql-libs
Operating systems & Components / Operating system package or component

mysql-help
Operating systems & Components / Operating system package or component

mysql-errmsg
Operating systems & Components / Operating system package or component

mysql-devel
Operating systems & Components / Operating system package or component

mysql-debugsource
Operating systems & Components / Operating system package or component

mysql-debuginfo
Operating systems & Components / Operating system package or component

mysql-config
Operating systems & Components / Operating system package or component

mysql-common
Operating systems & Components / Operating system package or component

mysql
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU107527

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21574

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU107528

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21575

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU107529

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21577

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU107545

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21579

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU107540

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21580

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU107542

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21581

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU107539

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21584

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU107543

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21585

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU107555

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30681

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU107530

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30682

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU107548

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30683

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU107549

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30684

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU107550

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30685

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU107531

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30687

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU107532

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30688

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU107544

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30689

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU107534

Risk: Medium

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30693

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU107535

Risk: Medium

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30695

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU107546

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30696

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU107551

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30699

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU107556

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30703

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU107553

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30704

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU107547

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30705

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU107536

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30710

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Cluster: NDBCluster Plugin component in MySQL Cluster. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU107537

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30715

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU107554

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30721

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: UDF component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU107533

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30722

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

mysql-test: before 8.0.42-1

mysql-server: before 8.0.42-1

mysql-libs: before 8.0.42-1

mysql-help: before 8.0.42-1

mysql-errmsg: before 8.0.42-1

mysql-devel: before 8.0.42-1

mysql-debugsource: before 8.0.42-1

mysql-debuginfo: before 8.0.42-1

mysql-config: before 8.0.42-1

mysql-common: before 8.0.42-1

mysql: before 8.0.42-1

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1454


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###