Database

In Redis versions 2.6 to 7.4.2 a medium severity vulnerability CVE-2025-21605 was detected. This vulnerability allows unauthenticated clients to trigger unbounded growth of output buffers, leading to memory exhaustion or service crashes, due to Redis not limiting output buffers for unauthenticated clients by default and repeated “NOAUTH” responses filling memory. To address this issue, users should upgrade Redis to versions 7.4.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21605.

In MySQL Cluster versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30710 was detected. This vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Cluster, potentially causing a hang or repeatable crash (complete DOS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30710.

In Oracle MySQL Client versions 8.0.0 through 8.0.41, 8.4.0 through 8.4.4 and 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30722 was detected in the mysqldump component. This vulnerability allows low-privileged attackers with network access via multiple protocols to gain unauthorized access to critical data or modify data accessible to the MySQL Client. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30722.

In Oracle MySQL Server (InnoDB component) versions 8.0.0–8.0.41, 8.4.0–8.4.4 and 9.0.0–9.2.0 a medium severity vulnerability CVE-2025-30693 was detected. This vulnerability allows high privileged attackers with network access via multiple protocols to cause a denial of service (DoS) or perform unauthorized updates, inserts, or deletions on MySQL Server data. To address this issue, users should upgrade MySQL Server to versions 8.0.42-1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30693.

In MySQL Connector/Python versions 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30714 was detected. This vulnerability allows low privileged attackers with network access and user interaction to gain unauthorized access to sensitive data. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30714.

In MySQL Server (component: Server: UDF) versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30721 was detected. This vulnerability allows a high-privileged attacker with logon access to compromise MySQL Server, requiring human interaction and potentially causing a crash (DOS). To address this issue, users should upgrade MySQL Server to versions 8.0.42-1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30721.

In SQLite version 3.49.0 a critical severity vulnerability CVE-2025-29087 was detected. This vulnerability allows attackers to trigger an integer overflow using the concat function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-29087.

In MongoDB versions prior to 5.0.31, 6.0.20 and 7.0.16 a high severity vulnerability CVE-2025-3083 was detected. This vulnerability allows unauthenticated attackers to crash the `mongos` process by sending specifically crafted MongoDB wire protocol messages. To address this issue, users should upgrade MongoDB to versions 5.0.31, 6.0.20 or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3083.

In MongoDB Server versions prior to 5.0.31, 6.0.20, 7.0.16 and 8.0.4 a medium severity vulnerability CVE-2025-3084 was detected. This vulnerability allows malformed arguments passed to the `explain` command to bypass validation, potentially causing crashes in router (`mongos`) servers. To address this issue, users should upgrade MongoDB Server to versions 5.0.31, 6.0.20, or 7.0.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3084.