CVE-2025-21580 in MySQL Server

Summary

by MITRE • 04/16/2025

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 08/15/2025

This vulnerability resides in the MySQL Server's Data Manipulation Language (DML) component and affects versions 8.0.0 through 8.0.41, 8.4.0 through 8.4.4, and 9.0.0 through 9.2.0. It is an availability risk exploitable by an attacker who already holds high privileges and has network access through multiple protocols. Its classification as easily exploitable means the attack requires minimal complexity to execute, which matters most in production environments where MySQL servers handle critical database operations. The vulnerability falls under the CWE-121 category of "Buffer Errors" and aligns with ATT&CK technique T1499.100 for Network Denial of Service attacks.

Successful exploitation can make the MySQL server hang or crash repeatedly, a complete denial of service that renders the database unavailable to legitimate users and applications. The CVSS 3.1 base score of 4.9 is moderate severity overall, driven entirely by the high availability impact; confidentiality and integrity are not affected. Because high privileges are required, the realistic path to exploitation is a compromised administrative account, or lateral movement within a network where such privileges have already been obtained. Reading the vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H: network access is required, attack complexity is low, high privileges are needed, no user interaction is required, scope is unchanged, and the availability impact is high.

The operational impact extends beyond the database itself, because database availability underpins most enterprise applications and services. A MySQL server that hangs or crashes can cascade into failures in every application that depends on it: data processing delays, application timeouts, and service outages. Organizations running affected versions therefore face a service-disruption risk that bears directly on business continuity and customer satisfaction. That the flaw spans three release series (8.0, 8.4 and 9.x) shows it has persisted across several MySQL releases, pointing to a long-standing issue in the DML processing logic that warrants prompt attention.

Mitigation should start with patching affected MySQL versions to a fixed release, which addresses the root cause. Because exploitation requires high privileges, the next most effective controls are those that keep such privileges scarce: least-privilege grants for database accounts, network segmentation, and access controls that limit who can reach the server at all and reduce the likelihood of escalation to a high-privilege account. Monitoring should be tuned to detect unusual patterns of database server crashes or hangs, which may indicate exploitation attempts. Network-level controls such as firewalls and intrusion detection systems can prevent unauthorized access to MySQL server ports and protocols. The ATT&CK mapping underscores the need for defenses against both privilege escalation and denial of service, and for regular security assessments of database server configurations.
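The first mitigation step is knowing which servers are inside the affected ranges. The following script is an added example, not part of the VulDB entry or any Oracle tooling: it parses the version string MySQL reports (the `SELECT VERSION()` result, or `mysqld --version` output) into a numeric tuple and compares it, inclusively, against the three ranges stated in the summary. The inventory it triages is constructed sample data; the hostnames are placeholders. One caveat a practitioner needs: Linux distributions often backport fixes without bumping the upstream version number, so a distribution build such as `8.0.36-0ubuntu...` reported as "affected" here must be confirmed against the distribution's own security tracker before being treated as vulnerable.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as the advisory states them (inclusive on both ends).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((8, 0, 0), (8, 0, 41)),
    ((8, 4, 0), (8, 4, 4)),
    ((9, 0, 0), (9, 2, 0)),
]

# MySQL version strings start with major.minor.patch and may carry a suffix
# such as "-0ubuntu0.22.04.1" (distro build) or "-log"; only the prefix matters.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(version_string: str) -> Optional[Version]:
    """Return (major, minor, patch) from a MySQL version string, or None if absent."""
    match = _VERSION_RE.match(version_string)
    if match is None:
        return None
    return (int(match.group(1)), int(match.group(2)), int(match.group(3)))


def is_distro_build(version_string: str) -> bool:
    """True when the suffix suggests a distribution package (possible backported fix)."""
    return bool(re.search(r"-\d*(ubuntu|debian|el\d|mariadb)", version_string, re.I))


def is_affected(version_string: str) -> bool:
    """True if the upstream version number lies inside any affected range."""
    version = parse_mysql_version(version_string)
    if version is None:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage_fleet(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify each host as 'affected', 'affected (verify backport)', 'not affected'
    or 'unparseable' from its reported version string."""
    result: Dict[str, str] = {}
    for host, version_string in inventory.items():
        if parse_mysql_version(version_string) is None:
            result[host] = "unparseable"
        elif not is_affected(version_string):
            result[host] = "not affected"
        elif is_distro_build(version_string):
            result[host] = "affected (verify backport)"
        else:
            result[host] = "affected"
    return result


# Constructed sample inventory: hostnames and version strings are placeholders,
# in the shape SELECT VERSION() or `mysqld --version` would report.
SAMPLE_INVENTORY: Dict[str, str] = {
    "db-prod-01.example": "8.0.41",
    "db-prod-02.example": "8.0.42",
    "db-analytics.example": "8.4.4-log",
    "db-legacy.example": "5.7.44",
    "db-ubuntu.example": "8.0.36-0ubuntu0.22.04.1",
    "db-new.example": "9.3.0",
    "db-unknown.example": "n/a",
}


if __name__ == "__main__":
    for host, status in sorted(triage_fleet(SAMPLE_INVENTORY).items()):
        print(f"{host:25s} {SAMPLE_INVENTORY[host]:28s} {status}")
```

Hosts reported as "affected" should be scheduled for an upgrade to a release above the stated upper bounds; the "verify backport" entries need a check against the distribution's advisory before they are counted either way.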

Responsible: Oracle

Reservation: 12/25/2024

Disclosure: 04/16/2025

Moderation: accepted

CPE: ready

EPSS: 0.00605

KEV: no

Activities: very low
