Privilege Escalation Vulnerability in OceanBase Oracle Tenant Mode
CVE-2025-8107

6.3 MEDIUM

Key Information:

Vendor: Ob

CVE Published: 24 July 2025

What is CVE-2025-8107?

In OceanBase's Oracle tenant mode, a security flaw allows a malicious user with specific privileges to escalate to SYS-level access by executing carefully crafted commands. This raises significant concerns for data integrity and system security. Tenants operating in MySQL mode are not affected by this vulnerability. Secure configurations and regular updates remain necessary to prevent potential exploitation.

Affected Version(s)

OceanBase Server Oracle Tenant Mode 3.x < 3.2.4.9

OceanBase Server Oracle Tenant Mode 4.2.1.x < 4.2.1.10

OceanBase Server Oracle Tenant Mode 4.2.x < 4.2.5

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
