MySQL Server, User-Defined Function (UDF) Vulnerability, CVE-2025-30721 (Medium)

Listen to this Post

How the CVE Works

CVE-2025-30721 is a vulnerability in MySQL Server’s User-Defined Function (UDF) component. It affects MySQL versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. The flaw allows a high-privileged attacker with local access to trigger a denial-of-service (DoS) condition by exploiting improper handling of UDF execution. The attack requires human interaction (such as tricking an admin into running a malicious UDF) and leads to a complete server hang or crash. Due to the high privileges needed and the difficulty of exploitation, it has a moderate CVSS score of 4.0 (Availability impact).

DailyCVE Form

Platform: MySQL Server
Version: 8.0.0-9.2.0
Vulnerability: UDF DoS
Severity: Medium
Date: 06/23/2025

Prediction: Patch by Q3 2025

What Undercode Say

-- Check UDF privileges
SELECT FROM mysql.func;
-- Example malicious UDF trigger
CREATE FUNCTION exploit RETURNS INT SONAME 'malicious.so';

How Exploit

  • Attacker crafts malicious UDF library.
  • Gains high-privileged MySQL access.
  • Triggers DoS via UDF execution.

Protection from this CVE

  • Restrict UDF creation.
  • Update to patched versions.
  • Limit admin privileges.

Impact

  • Server crash/hang.
  • Availability loss.
  • Requires admin interaction.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top