MySQL Server Vulnerability in Oracle Software Products
CVE-2025-21520

1.8LOW

Key Information:

Vendor: Oracle
Status: Mysql Cluster; Mysql Server
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists in the MySQL Server component of Oracle MySQL, specifically affecting versions 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier. This issue can be exploited by a highly privileged attacker with access to the MySQL infrastructure, allowing unauthorized read access to specific data within MySQL Server. Notably, this vulnerability requires human interaction from another person, making it somewhat challenging to exploit. Organizations using the aforementioned versions should assess their security posture to mitigate potential risks associated with this vulnerability.

Affected Version(s)

MySQL Cluster * <= 7.6.32

MySQL Cluster * <= 8.0.40

MySQL Cluster * <= 8.4.3

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024