Severity
Medium
Analysis Summary
CVE-2025-30687 CVSS:6.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). An easily exploitable vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2025-21585 CVSS:4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2025-21576 CVSS:5.4
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data.
CVE-2025-21577 CVSS:6.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2025-21578 CVSS:6.7
Vulnerability in Oracle Secure Backup (component: General). Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup.
CVE-2025-21573 CVSS:6
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). A difficult-to-exploit vulnerability allows a high-privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing.
CVE-2025-21574 CVSS:6.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2025-21575 CVSS:6.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). An easily exploitable vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Impact
- Data Manipulation
- Denial of Service
Indicators of Compromise
CVE
CVE-2025-30687
CVE-2025-21585
CVE-2025-21573
CVE-2025-21574
CVE-2025-21575
CVE-2025-21576
CVE-2025-21577
CVE-2025-21578
Affected Vendors
Affected Products
- Oracle MySQL Server - 8.0.0 - 8.0.41
- Oracle MySQL Server - 8.4.0 - 8.4.4
- Oracle MySQL Server - 9.0.0 - 9.2.0
- Oracle Commerce Platform - 11.3.0
- Oracle Commerce Platform - 11.3.1
- Oracle Commerce Platform - 11.3.2
- Oracle Financial Services Revenue Management And Billing - 5.1.0.0.0
- Oracle Financial Services Revenue Management And Billing - 6.1.0.0.0
- Oracle Financial Services Revenue Management And Billing - 7.0.0.0.0
- Oracle MySQL Cluster - 7.6.0 - 7.6.33
- Oracle MySQL Cluster - 8.0.41 - 8.4.4
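To triage an inventory against the MySQL Server ranges listed above, the following added example (not part of the original advisory) parses version strings as returned by SELECT VERSION() and flags those inside a listed range. The host names and sample versions are constructed; "not listed" means only that the version falls outside the ranges on this page.

```python
import re

# Affected MySQL Server ranges, copied from the "Affected Products" list above
# (inclusive bounds).
AFFECTED_MYSQL_SERVER = [
    ((8, 0, 0), (8, 0, 41)),
    ((8, 4, 0), (8, 4, 4)),
    ((9, 0, 0), (9, 2, 0)),
]

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(raw):
    """Return (major, minor, patch) from a VERSION() string, or None.

    Build suffixes such as "-log" or "-0ubuntu0.22.04.1" are ignored.
    """
    m = _VERSION_RE.match(raw)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(raw):
    """True/False if inside/outside a listed range; None if it cannot be judged."""
    if "mariadb" in raw.lower():
        return None  # MariaDB is a different product, not covered by the list
    version = parse_mysql_version(raw)
    if version is None:
        return None
    return any(lo <= version <= hi for lo, hi in AFFECTED_MYSQL_SERVER)


def triage(inventory):
    """Map host -> 'affected' | 'not listed' | 'unknown' for a {host: version} dict."""
    labels = {True: "affected", False: "not listed", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "db-01": "8.0.41-0ubuntu0.22.04.1",
        "db-02": "8.0.42",
        "db-03": "8.4.4-log",
        "db-04": "10.11.6-MariaDB",
    }
    for host, status in triage(sample).items():
        print(host, status)
```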
Remediation
Refer to the Oracle Security Advisory for patch, upgrade, or suggested workaround information.