Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5399 (GCVE-0-2025-5399)
Vulnerability from cvelistv5 – Published: 2025-06-07 07:49 – Updated: 2025-06-09 13:20
VLAI?
EPSS
Title
WebSocket endless loop
Summary
Due to a mistake in libcurl's WebSocket code, a malicious server can send a
particularly crafted packet which makes libcurl get trapped in an endless
busy-loop.
There is no other way for the application to escape or exit this loop other
than killing the thread/process.
This might be used to DoS libcurl-using application.
Severity ?
7.5 (High)
Assigner
References
Impacted products
Credits
z2_ on hackerone
z2_ on hackerone
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-07T08:05:07.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/04/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5399",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:20:18.342977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:20:29.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.14.0",
"status": "affected",
"version": "8.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.13.0",
"status": "affected",
"version": "8.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "z2_ on hackerone"
},
{
"lang": "en",
"type": "remediation developer",
"value": "z2_ on hackerone"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to a mistake in libcurl\u0027s WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T07:49:09.370Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2025-5399.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2025-5399.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/3168039"
}
],
"title": "WebSocket endless loop"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2025-5399",
"datePublished": "2025-06-07T07:49:09.370Z",
"dateReserved": "2025-05-31T15:02:27.226Z",
"dateUpdated": "2025-06-09T13:20:29.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/06/04/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-06-07T08:05:07.254Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5399\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-09T13:20:18.342977Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-09T13:19:43.137Z\"}}], \"cna\": {\"title\": \"WebSocket endless loop\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"z2_ on hackerone\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"z2_ on hackerone\"}], \"affected\": [{\"vendor\": \"curl\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.14.0\"}, {\"status\": \"affected\", \"version\": \"8.13.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.13.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://curl.se/docs/CVE-2025-5399.json\", \"name\": \"json\"}, {\"url\": \"https://curl.se/docs/CVE-2025-5399.html\", \"name\": \"www\"}, {\"url\": \"https://hackerone.com/reports/3168039\", \"name\": \"issue\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Due to a mistake in libcurl\u0027s WebSocket code, a malicious server can send a\\nparticularly crafted packet which makes libcurl get trapped in an endless\\nbusy-loop.\\n\\nThere is no other way for the application to escape or exit this loop other\\nthan killing the thread/process.\\n\\nThis might be used to DoS libcurl-using application.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"shortName\": \"curl\", \"dateUpdated\": \"2025-06-07T07:49:09.370Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5399\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-09T13:20:29.843Z\", \"dateReserved\": \"2025-05-31T15:02:27.226Z\", \"assignerOrgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"datePublished\": \"2025-06-07T07:49:09.370Z\", \"assignerShortName\": \"curl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CVE-2025-5399
Vulnerability from fstec - Published: 31.05.2025
VLAI Severity ?
Title
Уязвимость компонента WebSocket библиотеки libcurl, связанная с ошибками бесконечного цикла, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонента WebSocket библиотеки libcurl связана с ошибками бесконечного цикла. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Daniel Stenberg
Software Name
Libcurl
Software Version
от 8.13.0 до 8.14.0 включительно (Libcurl)
Possible Mitigations
Использование рекомендаций производителя:
https://curl.se/docs/CVE-2025-5399.html
https://github.com/curl/curl/commit/d1145df24de8f80e6b16
Reference
https://curl.se/docs/CVE-2025-5399.html
https://github.com/curl/curl/commit/d1145df24de8f80e6b16
CWE
CWE-835
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Daniel Stenberg",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 8.13.0 \u0434\u043e 8.14.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Libcurl)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://curl.se/docs/CVE-2025-5399.html\nhttps://github.com/curl/curl/commit/d1145df24de8f80e6b16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.08.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10234",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-5399",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Libcurl",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 WebSocket \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libcurl, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0433\u043e \u0446\u0438\u043a\u043b\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430 (\u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b) (CWE-835)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 WebSocket \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libcurl \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0433\u043e \u0446\u0438\u043a\u043b\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://curl.se/docs/CVE-2025-5399.html\nhttps://github.com/curl/curl/commit/d1145df24de8f80e6b16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-835",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,8)"
}
CERTFR-2025-AVI-0476
Vulnerability from certfr_avis - Published: 2025-06-04 - Updated: 2025-06-04
Une vulnérabilité a été découverte dans cURL. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Curl | cURL et libcurl | cURL versions 8.13.x à 8.14.x antérieures à 8.14.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cURL versions 8.13.x \u00e0 8.14.x ant\u00e9rieures \u00e0 8.14.1",
"product": {
"name": "cURL et libcurl",
"vendor": {
"name": "Curl",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-06-04T00:00:00",
"last_revision_date": "2025-06-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0476",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans cURL. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans cURL ",
"vendor_advisories": [
{
"published_at": "2025-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 cURL CVE-2025-5399",
"url": "https://curl.se/docs/CVE-2025-5399.html"
}
]
}
CERTFR-2025-AVI-0907
Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Enterprise Backup version 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Enterprise Backup version 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Cluster version 8.4.0 à 8.4.3 | ||
| Oracle | MySQL | MySQL Enterprise Backup version 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Cluster version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Cluster version 9.0.0 à 9.1.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Server (Server: DML) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Server (Server: DML) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Cluster version 8.0.0 à 8.0.40 | ||
| Oracle | MySQL | MySQL Cluster version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: DML) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Workbench version 8.0.0 à 8.0.43 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server (Server: Optimizer) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.4.0 \u00e0 8.4.3",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 9.0.0 \u00e0 9.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.0.0 \u00e0 8.0.40",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2025-5449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5449"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53067"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0907",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpuoct2025",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
]
}
CERTFR-2025-AVI-0601
Vulnerability from certfr_avis - Published: 2025-07-18 - Updated: 2025-07-18
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Client versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Cluster versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Client versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Client versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.0 à 7.6.34 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.0 à 8.0.42 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.0 \u00e0 7.6.34",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-50089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50089"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2025-53032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53032"
},
{
"name": "CVE-2025-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50076"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2025-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50095"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2025-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50068"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2025-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50081"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50103"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-07-18T00:00:00",
"last_revision_date": "2025-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0601",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujul2025",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html"
}
]
}
CERTFR-2025-AVI-0621
Vulnerability from certfr_avis - Published: 2025-07-24 - Updated: 2025-07-24
De multiples vulnérabilités ont été découvertes dans Tenable Identity Exposure. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Identity Exposure | Identity Exposure versions antérieures à 3.77.12 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.12",
"product": {
"name": "Identity Exposure",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30399"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2025-4748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4748"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-07-24T00:00:00",
"last_revision_date": "2025-07-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0621",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
"vendor_advisories": [
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-14",
"url": "https://www.tenable.com/security/tns-2025-14"
}
]
}
FKIE_CVE-2025-5399
Vulnerability from fkie_nvd - Published: 2025-06-07 08:15 - Updated: 2025-07-30 19:41
Severity ?
Summary
Due to a mistake in libcurl's WebSocket code, a malicious server can send a
particularly crafted packet which makes libcurl get trapped in an endless
busy-loop.
There is no other way for the application to escape or exit this loop other
than killing the thread/process.
This might be used to DoS libcurl-using application.
References
| URL | Tags | ||
|---|---|---|---|
| 2499f714-1537-4658-8207-48ae4bb9eae9 | https://curl.se/docs/CVE-2025-5399.html | Vendor Advisory | |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | https://curl.se/docs/CVE-2025-5399.json | Vendor Advisory | |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | https://hackerone.com/reports/3168039 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/06/04/2 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6456DBDE-83F3-4787-A406-C80A8D824BD5",
"versionEndExcluding": "8.14.1",
"versionStartIncluding": "8.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to a mistake in libcurl\u0027s WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application."
},
{
"lang": "es",
"value": "Debido a un error en el c\u00f3digo WebSocket de libcurl, un servidor malicioso puede enviar un paquete especialmente manipulado que atrapa a libcurl en un bucle de actividad sin fin. La aplicaci\u00f3n no tiene otra forma de escapar de este bucle que cerrar el hilo/proceso. Esto podr\u00eda usarse para atacar a la aplicaci\u00f3n que usa libcurl."
}
],
"id": "CVE-2025-5399",
"lastModified": "2025-07-30T19:41:33.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-07T08:15:20.687",
"references": [
{
"source": "2499f714-1537-4658-8207-48ae4bb9eae9",
"tags": [
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2025-5399.html"
},
{
"source": "2499f714-1537-4658-8207-48ae4bb9eae9",
"tags": [
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2025-5399.json"
},
{
"source": "2499f714-1537-4658-8207-48ae4bb9eae9",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/3168039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/06/04/2"
}
],
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2025-5399
Vulnerability from osv_almalinux
Published
2025-09-17 00:00
Modified
2025-09-18 08:40
Summary
Moderate: mysql:8.4 security update
Details
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176)
- mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)
- mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)
- mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)
- mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)
- mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)
- mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)
- mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)
- mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)
- mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)
- mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)
- mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)
- mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
- mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)
- curl: libcurl: WebSocket endless loop (CVE-2025-5399)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)
- mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)
- mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)
- mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)
- mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)
- mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)
- mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)
- mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)
- mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)
- mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mecab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-3.module_el9.6.0+152+8cbce00c.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mecab-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-3.module_el9.6.0+152+8cbce00c.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mecab-ipadic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-24.module_el9.6.0+152+8cbce00c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mecab-ipadic-EUCJP"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-24.module_el9.6.0+152+8cbce00c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-test-data"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-1.module_el9.6.0+180+a4e757e5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rapidjson-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0-19.module_el9.6.0+152+8cbce00c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rapidjson-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0-19.module_el9.6.0+152+8cbce00c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. \n\nSecurity Fix(es): \n\n * openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176)\n * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)\n * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)\n * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)\n * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)\n * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)\n * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)\n * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)\n * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)\n * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)\n * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)\n * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)\n * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)\n * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)\n * curl: libcurl: WebSocket endless loop (CVE-2025-5399)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)\n * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)\n * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)\n * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)\n * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)\n * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)\n * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)\n * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)\n * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)\n * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:16046",
"modified": "2025-09-18T08:40:08Z",
"published": "2025-09-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:16046"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-13176"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21574"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21575"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21577"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21579"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21580"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21581"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21584"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21585"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21588"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30681"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30682"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30683"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30684"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30685"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30687"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30688"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30689"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30695"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30699"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30703"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30704"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30705"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30715"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30721"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30722"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50077"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50078"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50080"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50081"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50082"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50083"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50084"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50085"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50086"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50087"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50088"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50091"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50093"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50094"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50096"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50097"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50098"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50099"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50100"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50101"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50102"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50104"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359885"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359888"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359892"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359894"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359895"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359900"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359902"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359903"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359911"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359918"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359920"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359924"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359928"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359930"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359932"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359934"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359938"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359940"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359943"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359944"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359945"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359947"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359950"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359963"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359964"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359972"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2370920"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380264"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380273"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380274"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380278"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380280"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380283"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380295"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380298"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380306"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380308"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380309"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380310"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380312"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380313"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380320"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380321"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380326"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380327"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380334"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380335"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-16046.html"
}
],
"related": [
"CVE-2024-13176",
"CVE-2025-30722",
"CVE-2025-30688",
"CVE-2025-30699",
"CVE-2025-30721",
"CVE-2025-30682",
"CVE-2025-30683",
"CVE-2025-30715",
"CVE-2025-21574",
"CVE-2025-21585",
"CVE-2025-21588",
"CVE-2025-30681",
"CVE-2025-21577",
"CVE-2025-30687",
"CVE-2025-21580",
"CVE-2025-30696",
"CVE-2025-30705",
"CVE-2025-21575",
"CVE-2025-21579",
"CVE-2025-30685",
"CVE-2025-30704",
"CVE-2025-21581",
"CVE-2025-30689",
"CVE-2025-30695",
"CVE-2025-30703",
"CVE-2025-30693",
"CVE-2025-21584",
"CVE-2025-30684",
"CVE-2025-5399",
"CVE-2025-50092",
"CVE-2025-50081",
"CVE-2025-50079",
"CVE-2025-50077",
"CVE-2025-50078",
"CVE-2025-50091",
"CVE-2025-50101",
"CVE-2025-50093",
"CVE-2025-50099",
"CVE-2025-50085",
"CVE-2025-50086",
"CVE-2025-50082",
"CVE-2025-50097",
"CVE-2025-50104",
"CVE-2025-50087",
"CVE-2025-50080",
"CVE-2025-50088",
"CVE-2025-50083",
"CVE-2025-50084",
"CVE-2025-50100",
"CVE-2025-50094",
"CVE-2025-50098",
"CVE-2025-50096",
"CVE-2025-50102"
],
"summary": "Moderate: mysql:8.4 security update"
}
cve-2025-5399
Vulnerability from osv_almalinux
Published
2025-09-11 00:00
Modified
2025-09-12 10:30
Summary
Moderate: mysql-selinux and mysql8.4 security update
Details
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.
Security Fix(es):
- openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176)
- mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)
- mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)
- mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)
- mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)
- mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)
- mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)
- mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)
- mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)
- mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)
- mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)
- mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)
- mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)
- mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
- mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)
- mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)
- curl: libcurl: WebSocket endless loop (CVE-2025-5399)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)
- mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)
- mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)
- mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)
- mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)
- mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)
- mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)
- mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)
- mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)
- mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)
- mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mysql-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.14-1.el10_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mysql8.4-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-2.el10_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mysql8.4-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-2.el10_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mysql8.4-test-data"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.6-2.el10_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. \n\nSecurity Fix(es): \n\n * openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176)\n * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)\n * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)\n * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)\n * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)\n * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)\n * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)\n * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)\n * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)\n * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)\n * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)\n * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)\n * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)\n * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)\n * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)\n * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)\n * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)\n * curl: libcurl: WebSocket endless loop (CVE-2025-5399)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)\n * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)\n * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)\n * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)\n * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)\n * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)\n * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)\n * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)\n * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)\n * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)\n * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)\n * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:15699",
"modified": "2025-09-12T10:30:08Z",
"published": "2025-09-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:15699"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-13176"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21574"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21575"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21577"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21579"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21580"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21581"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21584"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21585"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21588"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30681"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30682"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30683"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30684"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30685"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30687"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30688"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30689"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30693"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30695"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30696"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30699"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30703"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30704"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30705"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30715"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30721"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30722"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50077"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50078"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50080"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50081"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50082"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50083"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50084"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50085"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50086"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50087"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50088"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50091"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50093"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50094"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50096"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50097"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50098"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50099"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50100"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50101"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50102"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-50104"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359885"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359888"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359892"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359894"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359895"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359899"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359900"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359902"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359903"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359911"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359918"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359920"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359924"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359928"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359930"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359932"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359934"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359938"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359940"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359943"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359944"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359945"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359947"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359950"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359963"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359964"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2359972"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2370920"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380264"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380273"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380274"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380278"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380280"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380283"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380290"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380295"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380298"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380306"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380308"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380309"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380310"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380312"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380313"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380320"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380321"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380326"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380327"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380334"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2380335"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-15699.html"
}
],
"related": [
"CVE-2024-13176",
"CVE-2025-30722",
"CVE-2025-30688",
"CVE-2025-30699",
"CVE-2025-30721",
"CVE-2025-30682",
"CVE-2025-30683",
"CVE-2025-30715",
"CVE-2025-21574",
"CVE-2025-21585",
"CVE-2025-21588",
"CVE-2025-30681",
"CVE-2025-21577",
"CVE-2025-30687",
"CVE-2025-21580",
"CVE-2025-30696",
"CVE-2025-30705",
"CVE-2025-21575",
"CVE-2025-21579",
"CVE-2025-30685",
"CVE-2025-30704",
"CVE-2025-21581",
"CVE-2025-30689",
"CVE-2025-30695",
"CVE-2025-30703",
"CVE-2025-30693",
"CVE-2025-21584",
"CVE-2025-30684",
"CVE-2025-5399",
"CVE-2025-50092",
"CVE-2025-50081",
"CVE-2025-50079",
"CVE-2025-50077",
"CVE-2025-50078",
"CVE-2025-50091",
"CVE-2025-50101",
"CVE-2025-50093",
"CVE-2025-50099",
"CVE-2025-50085",
"CVE-2025-50086",
"CVE-2025-50082",
"CVE-2025-50097",
"CVE-2025-50104",
"CVE-2025-50087",
"CVE-2025-50080",
"CVE-2025-50088",
"CVE-2025-50083",
"CVE-2025-50084",
"CVE-2025-50100",
"CVE-2025-50094",
"CVE-2025-50098",
"CVE-2025-50096",
"CVE-2025-50102"
],
"summary": "Moderate: mysql-selinux and mysql8.4 security update"
}
GHSA-8H93-38HX-VV92
Vulnerability from github – Published: 2025-06-07 09:30 – Updated: 2025-06-09 15:31
VLAI?
Details
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop.
There is no other way for the application to escape or exit this loop other than killing the thread/process.
This might be used to DoS libcurl-using application.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2025-5399"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-07T08:15:20Z",
"severity": "HIGH"
},
"details": "Due to a mistake in libcurl\u0027s WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.",
"id": "GHSA-8h93-38hx-vv92",
"modified": "2025-06-09T15:31:41Z",
"published": "2025-06-07T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3168039"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2025-5399.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2025-5399.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/06/04/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…