Impact
A flaw in the HTTP interface of Oracle MySQL Router allows an unauthenticated attacker with network access to compromise the router. Successful exploitation can lead to full takeover of the routing service, affecting confidentiality, integrity, and availability of the router itself and potentially the database connections it forwards.
Affected Systems
Oracle MySQL Router versions 9.0.0 through 9.7.0 are affected. The vulnerability applies to the general Router component and is present in all builds within that range.
Risk and Exploitability
The CVSS 3.1 base score of 9.8 indicates critical severity. The EPSS score is below 1%, implying that exploitation is currently uncommon, but the zero‑authentication requirement and direct HTTP access mean an attacker can exploit it with only network reach to the router’s HTTP port. The vulnerability is not listed in CISA KEV, but its high impact warrants rapid action.
OpenCVE Enrichment