Impact
A vulnerability in Oracle MySQL Shell’s Dump and Load component allows an unauthenticated attacker with network access to compromise the shell. The known issue requires human interaction from a person other than the attacker, indicating that social‑engineering or credential‑harvesting may be needed before the exploit is triggered. Once compromised, the attacker can read any critical data available through the shell, resulting in a disclosure of confidential information. The weakness aligns with a cross‑site request forgery type flaw (CWE‑352) and directly affects data confidentiality, with no denial of service or code execution impact.
Affected Systems
MySQL Shell from Oracle Corporation, versions 8.4.0 through 8.4.9 and 9.0.0 through 9.7.0. Any installation that has the Dump and Load functionality enabled and is reachable over network protocols is susceptible. Users should verify the installed version against the affected ranges and apply the fix if applicable.
Risk and Exploitability
The CVSS score of 6.5 categorizes this flaw as moderate severity, while an EPSS score of less than 1% indicates a very low current exploitation probability; the vulnerability is also not listed in CISA KEV. Exploitation requires network access and human interaction, reducing the likelihood of automated attacks but still presenting a tangible risk to confidentiality. Timely remediation is recommended to prevent unauthorized data access from occurring.
OpenCVE Enrichment