CVE-2025-50079 in MySQL Server

Summary

by MITRE • 07/15/2025

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 12/02/2025

This vulnerability resides within the MySQL Server optimizer component of Oracle MySQL, affecting specific version ranges including 8.0.0 through 8.0.42, 8.4.0 through 8.4.5, and 9.0.0 through 9.3.0. The flaw represents a significant availability risk that can be exploited by attackers with high privileges and network access through multiple protocols. The vulnerability classification as easily exploitable indicates that the attack vector requires minimal effort to execute, making it particularly dangerous in production environments where MySQL servers are exposed to network traffic. This type of vulnerability falls under the CWE-119 category of "Improper Restriction of Operations within the Bounds of a Memory Buffer" and aligns with ATT&CK technique T1499.004 for network denial of service attacks.
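The version ranges above are the only practical way to tell whether a given server is in scope, so the following added example (written for this page, not VulDB's or Oracle's code) checks a reported MySQL version string against those inclusive ranges. It assumes the version comes from `SELECT VERSION();` or `mysqld --version`, where distribution and build suffixes such as `-0ubuntu0.22.04.1` or `-commercial` may follow the numeric part; those suffixes are ignored because Oracle expresses the affected ranges on the upstream numeric version only.

```python
"""Check whether a MySQL Server version string falls inside the ranges
listed as affected by CVE-2025-50079 (8.0.0-8.0.42, 8.4.0-8.4.5, 9.0.0-9.3.0).

Added example for this advisory page; not code from VulDB or Oracle.
"""
import re

# Inclusive (low, high) ranges copied from the advisory text.
AFFECTED_RANGES = (
    ((8, 0, 0), (8, 0, 42)),
    ((8, 4, 0), (8, 4, 5)),
    ((9, 0, 0), (9, 3, 0)),
)

# Leading major.minor.patch; anything after it (build/distro suffix) is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) from strings such as '8.0.42',
    '8.0.42-0ubuntu0.22.04.1' or '8.4.5-commercial'."""
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_string):
    """True when the upstream version sits inside one of the affected ranges.
    Tuple comparison gives the correct numeric ordering (8.0.9 < 8.0.42)."""
    version = parse_version(version_string)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(version_strings):
    """Map each reported version string to its affected/not-affected verdict,
    e.g. for a list collected from an inventory of database hosts."""
    return {s: is_affected(s) for s in version_strings}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version, hit in triage(["8.0.42-0ubuntu0.22.04.1", "8.0.43", "8.4.5",
                                "9.3.0", "9.4.0", "5.7.44"]).items():
        print(f"{version:28} {'AFFECTED' if hit else 'not in affected range'}")
```

Note that a version outside the ranges is reported as "not in an affected range", not as "fixed": the advisory text does not name the fixed releases, and a value such as `8.1.0` falls outside the ranges simply because that series is not listed.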

The technical nature of this vulnerability manifests as a condition that can cause complete denial of service through hang or frequently repeatable crashes of the MySQL Server process. The high privilege requirement suggests that an attacker must already have elevated access rights within the database environment, typically requiring valid authentication credentials with administrative privileges. However, the network accessibility aspect means that even with authenticated access, an attacker could potentially leverage this vulnerability from external network positions. The impact severity of CVSS 4.9 indicates a moderate to high risk level for availability disruption, as the vulnerability can cause repeated system crashes that would require manual intervention to restore service availability.

The operational impact of this vulnerability extends beyond simple service disruption, as repeated crashes can lead to extended downtime for database services and potentially affect dependent applications that rely on MySQL connectivity. Organizations running affected MySQL versions face the risk of service unavailability that could cascade into business continuity issues, particularly in environments where database uptime is critical for application functionality. The vulnerability's ability to cause hangs and crashes suggests that the optimizer component may be processing malformed input or encountering edge cases that lead to system instability. This aligns with the ATT&CK framework's focus on service disruption and availability compromise techniques.

Organizations should prioritize immediate patching of affected MySQL versions to mitigate this vulnerability, as the combination of high privilege requirements with network accessibility creates a dangerous attack scenario. The recommended mitigation strategy includes upgrading to patched versions of MySQL Server, implementing network segmentation to limit access to database servers, and monitoring for unusual crash patterns that might indicate exploitation attempts. Additionally, organizations should consider implementing database access controls and privilege management to reduce the risk of unauthorized access to high-privilege accounts that could exploit this vulnerability. Regular vulnerability assessments and penetration testing should be conducted to identify similar weaknesses in database infrastructure that could provide attackers with alternative paths to compromise system availability.
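The monitoring recommendation above is easiest to act on if "unusual crash patterns" is turned into a concrete rule. The following added example (written for this page, not VulDB's or Oracle's tooling) reads MySQL error-log lines, treats a server start that was not preceded by a clean shutdown as an unexpected restart, and flags a burst of such restarts inside a short window, which is what a "frequently repeatable crash" looks like from the log. The log lines are constructed for the example in the general layout MySQL 8 uses for its error log; the window and threshold are assumptions to tune per environment.

```python
"""Flag a MySQL Server that restarts unexpectedly and often, the
'frequently repeatable crash' pattern described for CVE-2025-50079.

Added example for this advisory page; not code from VulDB or Oracle.
The SAMPLE_LOG lines are constructed, not captured from a real server.
"""
import re
from datetime import datetime, timedelta

# Constructed error-log excerpt: a clean start, three starts with no
# shutdown in between (crash or kill), then one clean shutdown/restart.
SAMPLE_LOG = """\
2025-07-15T10:00:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.42) starting as process 1001
2025-07-15T10:00:01.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections.
2025-07-15T10:20:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.42) starting as process 1002
2025-07-15T10:20:01.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections.
2025-07-15T10:23:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.42) starting as process 1003
2025-07-15T10:26:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.42) starting as process 1004
2025-07-15T10:30:00.000000Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.42)
2025-07-15T10:31:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.42) starting as process 1005
"""

# Leading ISO-8601 timestamp with fractional seconds and a trailing 'Z'.
_TIMESTAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z ")


def parse_events(log_text):
    """Return [(timestamp, 'start' | 'clean_shutdown')] in log order.
    Matching is on message text rather than message codes, so it does not
    depend on the exact numeric code assigned to each message."""
    events = []
    for line in log_text.splitlines():
        match = _TIMESTAMP_RE.match(line)
        if not match:
            continue  # continuation lines, stack traces, etc.
        ts = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%S")
        if "starting as process" in line:
            events.append((ts, "start"))
        elif "Shutdown complete" in line:
            events.append((ts, "clean_shutdown"))
    return events


def unexpected_restarts(events):
    """Timestamps of starts that were not preceded by a clean shutdown.
    The first start in the file has no prior state and is not counted."""
    restarts = []
    seen_start = False
    clean_since_last_start = False
    for ts, kind in events:
        if kind == "clean_shutdown":
            clean_since_last_start = True
        elif kind == "start":
            if seen_start and not clean_since_last_start:
                restarts.append(ts)
            seen_start = True
            clean_since_last_start = False
    return restarts


def crash_bursts(restarts, window=timedelta(minutes=15), threshold=3):
    """Return (first, last, count) for each window that starts at an
    unexpected restart and contains at least `threshold` of them."""
    bursts = []
    for i, first in enumerate(restarts):
        group = [t for t in restarts[i:] if t - first <= window]
        if len(group) >= threshold:
            bursts.append((first, group[-1], len(group)))
    return bursts


def analyze(log_text, **kwargs):
    """Convenience wrapper: log text in, list of bursts out."""
    return crash_bursts(unexpected_restarts(parse_events(log_text)), **kwargs)


if __name__ == "__main__":
    for first, last, count in analyze(SAMPLE_LOG):
        print(f"ALERT: {count} unexpected restarts between {first:%H:%M} and {last:%H:%M}")
```

On a real host the same functions can be fed the error log named by `log_error` in the server configuration; a burst alert is a reason to check which accounts were connected and which statements ran before each restart, and to confirm the server is on a version outside the affected ranges.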

Responsible: Oracle

Reservation: 06/12/2025

Disclosure: 07/15/2025

Moderation: accepted

CPE: ready

EPSS: 0.00559

KEV: no

Activities: very low

Sources
