Client-Side Security Flaw in aiomysql Library for MySQL Access
CVE-2025-62611

8.2HIGH

Key Information:

Vendor

Aio-libs

Status
Aiomysql
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62611?

The aiomysql library, which facilitates access to a MySQL database through asyncio, contains a security vulnerability. Before version 0.3.0, the library does not properly validate client-side settings prior to transmitting local files to the MySQL server. This oversight creates an opportunity for malicious actors to set up a rogue MySQL server that can manipulate authorization protocols, disregarding client flags, and can exploit the LOAD_LOCAL instruction packet to request and access arbitrary files from the client system. Users are urged to upgrade to version 0.3.0 or newer to mitigate this risk.

Affected Version(s)

aiomysql < 0.3.0

References

https://github.com/aio-libs/aiomysql/security/advisories/...
x_refsource_CONFIRM
https://github.com/aio-libs/aiomysql/pull/1044
x_refsource_MISC
https://github.com/aio-libs/aiomysql/commit/32c4520dae371...
x_refsource_MISC

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62611 : Client-Side Security Flaw in aiomysql Library for MySQL Access