Data Management and Analytics

In Elasticsearch versions prior to 7.17.25 and prior to 8.16.0 a medium severity vulnerability CVE-2024-52979 was detected. This vulnerability allows attackers to trigger uncontrolled resource consumption by submitting specially crafted search templates using Mustache functions, potentially leading to a Denial of Service by crashing the Elasticsearch node. To address this issue, users should upgrade Elasticsearch to versions 7.17.25 or 8.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52979.

In Kibana versions 7.17.0 up to 7.17.18 and 8.0.0 up to 8.12.3 a medium severity vulnerability CVE-2025-25016 was detected. This vulnerability allows authenticated attackers to compromise software integrity by uploading crafted malicious files due to insufficient server-side validation. To address this issue, users should upgrade Kibana to versions 7.17.19 or later and 8.13.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25016.

In Kibana versions 7.17.6 up to and including 7.17.23 and 8.4.0 up to and including 8.11.4 a medium severity vulnerability CVE-2024-11390 was detected. This vulnerability allows attackers with access to the Synthetics app or write permissions to synthetics indices to upload crafted HTML and JavaScript files, leading to arbitrary JavaScript execution (XSS) in a victim’s browser. To address this issue, users should upgrade Kibana to versions 7.17.24 or 8.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11390.

In Redis versions 2.6 to 7.4.2 a medium severity vulnerability CVE-2025-21605 was detected. This vulnerability allows unauthenticated clients to trigger unbounded growth of output buffers, leading to memory exhaustion or service crashes, due to Redis not limiting output buffers for unauthenticated clients by default and repeated “NOAUTH” responses filling memory. To address this issue, users should upgrade Redis to versions 7.4.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21605.

In Grafana XY Chart plugin versions 11.6.0 prior to 11.6.0+security-01, 11.5.0 prior to 11.5.3+security-01, 11.4.0 prior to 11.4.3+security-01, 11.3.0 prior to 11.3.5+security-01 and 11.2.0 prior to 11.2.8+security-01 a medium severity vulnerability CVE-2025-2703 was detected. This DOM-based XSS issue allows a user with Editor permissions to modify a panel and execute arbitrary JavaScript. To address this issue, users should upgrade Grafana XY Chart plugin to versions 1.6.0+security-01, 11.5.3+security-01, 11.4.3+security-01, 11.3.5+security-01 and 11.2.8+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2703.

In MySQL Cluster versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30710 was detected. This vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Cluster, potentially causing a hang or repeatable crash (complete DOS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30710.

In Oracle MySQL Client versions 8.0.0 through 8.0.41, 8.4.0 through 8.4.4 and 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30722 was detected in the mysqldump component. This vulnerability allows low-privileged attackers with network access via multiple protocols to gain unauthorized access to critical data or modify data accessible to the MySQL Client. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30722.

In MySQL Server (component: Server: UDF) versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30721 was detected. This vulnerability allows a high-privileged attacker with logon access to compromise MySQL Server, requiring human interaction and potentially causing a crash (DOS). To address this issue, users should upgrade MySQL Server to versions 8.0.42-1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30721.

In Oracle MySQL Server (InnoDB component) versions 8.0.0–8.0.41, 8.4.0–8.4.4 and 9.0.0–9.2.0 a medium severity vulnerability CVE-2025-30693 was detected. This vulnerability allows high privileged attackers with network access via multiple protocols to cause a denial of service (DoS) or perform unauthorized updates, inserts, or deletions on MySQL Server data. To address this issue, users should upgrade MySQL Server to versions 8.0.42-1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30693.