CVE-2025-50085 in MySQL Server
Summary
by MITRE • 07/15/2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 12/02/2025
The vulnerability identified as CVE-2025-50085 represents a critical security flaw within Oracle MySQL Server's InnoDB storage engine component. This vulnerability affects specific version ranges including MySQL 8.0.0 through 8.0.42, 8.4.0 through 8.4.5, and 9.0.0 through 9.3.0, indicating a broad impact across multiple MySQL server versions. The vulnerability's classification as easily exploitable suggests that attackers with high privileges and network access can leverage this weakness to compromise the MySQL server infrastructure. The attack vector requires network access through multiple protocols, making it accessible to adversaries who can establish connections to the database server. This vulnerability's severity is reflected in its CVSS 3.1 base score of 5.5, which combines significant impacts to both integrity and availability. The CVSS vector analysis reveals that while the attack requires high privileges (PR:H), it does not require user interaction (UI:N) and can be executed remotely (AV:N), making it particularly concerning for database administrators and security professionals.
The technical flaw within the InnoDB component manifests as a weakness that can be exploited to cause complete denial of service conditions through hangs or repeated crashes of the MySQL server process. This type of vulnerability directly impacts system availability, potentially rendering database services inaccessible to legitimate users and applications. Additionally, the vulnerability enables unauthorized modification of database content through update, insert, and delete operations on specific data accessible to the compromised server. The integrity impact rating of low (I:L) indicates that while attackers can modify data, the scope of accessible data may be limited compared to the availability impact. The vulnerability's characteristics align with CWE-119, which addresses issues related to improper restriction of operations within a limited access scope, and potentially CWE-121, concerning stack-based buffer overflow conditions. From an operational perspective, this vulnerability creates a significant risk for database environments where high-privilege accounts exist, as these credentials could be exploited to either disrupt services or manipulate data, potentially leading to data corruption or loss.
The operational impact of CVE-2025-50085 extends beyond simple service disruption to encompass potential data integrity compromise and business continuity risks. Organizations running affected MySQL versions face the possibility of unauthorized data modifications that could affect critical business operations, particularly in environments where database consistency and availability are paramount. The vulnerability's potential for causing repeated crashes places additional strain on system monitoring and recovery procedures, as administrators must respond to service interruptions and restore database functionality. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and persistence through database manipulation, as attackers with high privileges can leverage this weakness to maintain access while causing service disruption. The availability impact of high (A:H) suggests that organizations may experience complete service outages, requiring immediate remediation efforts. Security teams should consider this vulnerability in their risk assessment frameworks, particularly when evaluating database security controls and access management policies. The vulnerability's presence in multiple version ranges indicates that organizations across different MySQL server versions require immediate attention and patching strategies to prevent exploitation. Organizations should implement network segmentation and access controls to limit exposure, while also monitoring for potential exploitation attempts through network traffic analysis and database audit logging to detect unauthorized access patterns.