Privilege Escalation Vulnerability in OceanBase Oracle Tenant Mode
CVE-2025-8107

6.3MEDIUM

Key Information:

Vendor: Ob
Status: Oceanbase Server
Vendor: CVE Published:; 24 July 2025

What is CVE-2025-8107?

In OceanBase's Oracle tenant mode, a security flaw allows a malicious user with specific privileges to escalate their access to SYS-level. This is achieved by executing carefully crafted commands, raising significant concerns for data integrity and system security. It is important to note that tenants operating in MySQL mode are not affected by this vulnerability, underscoring the need for secure configurations and regular updates to prevent potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OceanBase Server Oracle Tenant Mode 3.2.4.x < 3.2.4.8

OceanBase Server Oracle Tenant Mode 4.2.1 x < 4.2.1.10

OceanBase Server Oracle Tenant Mode 4.2.x < 4.2.5

References

https://github.com/oceanbase/oceanbase/security

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2025
Vulnerability Reserved
Jul 24, 2025

JSON

Ob