Listen to this Post
How the CVE Works
CVE-2025-30721 is a vulnerability in MySQL Server’s User-Defined Function (UDF) component. It affects MySQL versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. The flaw allows a high-privileged attacker with local access to trigger a denial-of-service (DoS) condition by exploiting improper handling of UDF execution. The attack requires human interaction (such as tricking an admin into running a malicious UDF) and leads to a complete server hang or crash. Due to the high privileges needed and the difficulty of exploitation, it has a moderate CVSS score of 4.0 (Availability impact).
DailyCVE Form
Platform: MySQL Server
Version: 8.0.0-9.2.0
Vulnerability: UDF DoS
Severity: Medium
Date: 06/23/2025
Prediction: Patch by Q3 2025
What Undercode Say
-- Check UDF privileges SELECT FROM mysql.func; -- Example malicious UDF trigger CREATE FUNCTION exploit RETURNS INT SONAME 'malicious.so';
How Exploit
- Attacker crafts malicious UDF library.
- Gains high-privileged MySQL access.
- Triggers DoS via UDF execution.
Protection from this CVE
- Restrict UDF creation.
- Update to patched versions.
- Limit admin privileges.
Impact
- Server crash/hang.
- Availability loss.
- Requires admin interaction.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode