Denial of Service Vulnerability in Oracle MySQL Server
CVE-2025-21536
4.9MEDIUM
Summary
A vulnerability exists in Oracle MySQL Server, specifically within the Optimizer component. This flaw can be easily exploited by an attacker with high privileges and network access, leading to unauthorized operations that can cause the MySQL Server to hang or crash repeatedly. The affected versions include MySQL Server 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. These vulnerabilities pose significant operational risks, making it essential for impacted users to apply the latest security updates to mitigate potential disruptions.
Affected Version(s)
MySQL Server * <= 8.0.39
MySQL Server * <= 8.4.2
MySQL Server * <= 9.0.1
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved