{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-50081", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2025-06-11T22:56:56.111Z", "datePublished": "2025-07-15T19:27:41.718Z", "dateUpdated": "2025-07-16T14:17:05.863Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2025-07-15T19:27:41.718Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "MySQL Cluster", "versions": [{"version": "7.6.0", "status": "affected", "lessThanOrEqual": "7.6.34", "versionType": "custom"}, {"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.0.42", "versionType": "custom"}, {"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.5", "versionType": "custom"}, {"version": "9.0.0", "status": "affected", "lessThanOrEqual": "9.3.0", "versionType": "custom"}]}, {"vendor": "Oracle Corporation", "product": "MySQL Client", "versions": [{"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.0.42", "versionType": "custom"}, {"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.5", "versionType": "custom"}, {"version": "9.0.0", "status": "affected", "lessThanOrEqual": "9.3.0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.6.0", "versionEndIncluding": "7.6.34"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.42"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.4.0", "versionEndIncluding": "8.4.5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.3.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.42"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.4.0", "versionEndIncluding": "8.4.5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.3.0"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2025.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", "baseScore": 3.1, "baseSeverity": "LOW"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-16T14:17:01.473548Z", "id": "CVE-2025-50081", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T14:17:05.863Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-50081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-16T14:17:01.473548Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T14:16:57.293Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Oracle Corporation", "product": "MySQL Cluster", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "custom", "lessThanOrEqual": "7.6.34"}, {"status": "affected", "version": "8.0.0", "versionType": "custom", "lessThanOrEqual": "8.0.42"}, {"status": "affected", "version": "8.4.0", "versionType": "custom", "lessThanOrEqual": "8.4.5"}, {"status": "affected", "version": "9.0.0", "versionType": "custom", "lessThanOrEqual": "9.3.0"}]}, {"vendor": "Oracle Corporation", "product": "MySQL Client", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "custom", "lessThanOrEqual": "8.0.42"}, {"status": "affected", "version": "8.4.0", "versionType": "custom", "lessThanOrEqual": "8.4.5"}, {"status": "affected", "version": "9.0.0", "versionType": "custom", "lessThanOrEqual": "9.3.0"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2025.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data."}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "7.6.34", "versionStartIncluding": "7.6.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "8.0.42", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "8.4.5", "versionStartIncluding": "8.4.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "9.3.0", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "8.0.42", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "8.4.5", "versionStartIncluding": "8.4.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "9.3.0", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2025-07-15T19:27:41.718Z"}}}, "cveMetadata": {"cveId": "CVE-2025-50081", "state": "PUBLISHED", "dateUpdated": "2025-07-16T14:17:05.863Z", "dateReserved": "2025-06-11T22:56:56.111Z", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2025-07-15T19:27:41.718Z", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "4943FB62-574B-4986-9DCB-79B34B63029B", "versionEndIncluding": "8.0.42", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "57E4C297-30F7-445B-8663-CA332B6E4914", "versionEndIncluding": "8.4.5", "versionStartIncluding": "8.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DD3ED8B-5060-4228-A4F7-F01C090D034B", "versionEndIncluding": "9.3.0", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto MySQL Client de Oracle MySQL (componente: Cliente: mysqldump). Las versiones compatibles afectadas son 8.0.0-8.0.42, 8.4.0-8.4.5 y 9.0.0-9.3.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer el MySQL Client. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserciones o eliminaciones de datos accesibles del MySQL Client as\u00ed como acceso no autorizado a lecturas de un subconjunto de dichos datos. Puntuaci\u00f3n base CVSS 3.1: 3.1 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)."}], "id": "CVE-2025-50081", "lastModified": "2025-07-17T12:30:54.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-15T20:15:43.840", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2025.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "mysql: mysqldump unspecified vulnerability (CPU Jul 2025)", "id": "2380273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380273"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "details": ["Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N)."], "name": "CVE-2025-50081", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "mysql8.4", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mysql:8.0/mysql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "mysql:8.4/mysql", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-15T19:27:41Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-50081\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-50081\nhttps://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL"], "threat_severity": "Low"}