CVE-2025-50076 in MySQL Serverinfo

Summary

by MITRE • 07/15/2025

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 12/02/2025

This vulnerability resides within the MySQL Server's DML component and affects versions 8.0.0 through 8.0.25, representing a significant availability risk for database systems. The flaw enables a low-privileged attacker with network access to execute a denial of service attack that can cause complete system crashes or frequent restarts, fundamentally compromising database availability. The vulnerability's exploitability is classified as easily accessible, meaning attackers with minimal privileges and network connectivity can leverage this weakness without requiring advanced technical skills or specialized tools. The CVSS score of 6.5 indicates a moderate to high severity impact, with the primary concern being availability rather than confidentiality or integrity. This aligns with CWE-119, which addresses memory safety issues, and reflects the broader category of denial of service vulnerabilities that can severely impact system operations and business continuity.

The technical nature of this vulnerability involves a flaw in how MySQL Server processes certain DML operations, creating conditions where malformed or specially crafted database commands can trigger system instability. The affected versions span a critical range of MySQL 8.0 releases, suggesting this issue has been present for several years and affects a substantial portion of database deployments. Attackers can potentially cause repeated crashes or system hangs through network-based attacks, which could be particularly devastating in production environments where database availability is crucial for business operations. The vector indicates network accessibility with low attack complexity and no user interaction required, making this vulnerability particularly dangerous as it can be exploited automatically by threat actors scanning for vulnerable systems.

The operational impact of this vulnerability extends beyond simple service disruption, as database crashes can lead to data loss, application downtime, and significant business interruption. Organizations relying on MySQL for critical applications face substantial risk of service degradation or complete system unavailability when this vulnerability is exploited. The vulnerability affects the server's ability to maintain consistent operations, potentially causing cascading failures in applications that depend on database connectivity. Recovery from such attacks may require manual intervention, system restarts, and potential data recovery procedures that can result in extended downtime periods. This vulnerability particularly impacts organizations using MySQL 8.0 in mission-critical applications where continuous database availability is essential for maintaining business operations and service level agreements.

Organizations should immediately implement mitigation strategies including applying the latest security patches from Oracle, which would address the specific DML processing flaw in affected versions. Network segmentation and access controls should be strengthened to limit exposure of MySQL servers to untrusted networks, while monitoring systems should be enhanced to detect unusual patterns of database connection attempts or system instability. Regular vulnerability assessments and penetration testing should be conducted to identify similar issues in other database components or related systems. The implementation of intrusion detection systems and database activity monitoring can help identify exploitation attempts before they cause significant damage. Additionally, maintaining up-to-date backups and disaster recovery procedures is essential for rapid recovery in case of successful exploitation, while regular security training for database administrators can help prevent unauthorized access that could lead to exploitation. Organizations should also consider implementing database firewalls and query filtering mechanisms to prevent malicious DML operations from reaching the vulnerable server components.

Responsible

Oracle

Reservation

06/12/2025

Disclosure

07/15/2025

Moderation

accepted

CPE

ready

EPSS

0.00525

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!