Vulnerability in Oracle MySQL Connectors: Connector/Python Exposed
CVE-2025-21548

6.4 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 21 January 2025

Summary

This vulnerability in Oracle MySQL Connectors (specifically, Connector/Python) poses significant risks for users of version 9.1.0 and earlier. A high-privileged attacker with network access can exploit it through various protocols, but a successful attack requires interaction from a person other than the attacker. Successful exploitation may allow unauthorized creation, deletion, or modification of critical data, as well as unauthorized read access to sensitive information. The vulnerability could also result in a denial-of-service condition, leading to hangs or crashes of MySQL Connectors.

Affected Version(s)

MySQL Connectors * <= 9.1.0

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
