Security Vulnerabilities - CVEs Published In April 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS Score
6.5
EPSS Score
0.003
Published
2025-04-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS Score
6.5
EPSS Score
0.003
Published
2025-04-15
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-04-15
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-04-15
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same local network as the Jellyfin server. Due to the method Jellyfin uses to determine the source IP of a request, an unauthenticated attacker is able to spoof their IP to appear as a LAN IP, allowing them to restart the Jellyfin server process without authentication. This means that an unauthenticated attacker could mount a denial-of-service attack on any default-configured Jellyfin server by simply sending the same spoofed request every few seconds to restart the server over and over. This method of IP spoofing also bypasses some security mechanisms, cause a denial-of-service attack, and possible bypass the admin restart requirement if combined with remote code execution. This issue is patched in version 10.10.7.
CVSS Score
4.6
EPSS Score
0.017
Published
2025-04-15
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and
Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-04-15
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and
bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-04-15
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.
CVSS Score
4.6
EPSS Score
0.002
Published
2025-04-15
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-15
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
CVSS Score
9.8
EPSS Score
0.01
Published
2025-04-15