CVE-2025-50086 in MySQL Serverinfo

Summary

by MITRE • 07/15/2025

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 12/02/2025

This vulnerability exists within the MySQL Server component known as Server: Components Services and affects multiple version ranges including 8.0.0 through 8.0.42 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0. The flaw represents a significant availability risk that can be exploited by attackers with high privileges and network access through various protocols. The vulnerability classification as easily exploitable indicates that the attack vector requires minimal technical sophistication while the high privilege requirement suggests that an attacker must already have elevated access levels to the system. The CVSS 3.1 score of 4.9 reflects the moderate severity of the availability impact with the vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H indicating network access is required but with low attack complexity and high privilege requirements.

The technical nature of this vulnerability allows for complete denial of service conditions where successful exploitation can cause the MySQL Server to hang or repeatedly crash. This represents a critical operational impact as database services would become unavailable to legitimate users and applications relying on the database infrastructure. The vulnerability specifically targets the Server: Components Services component which suggests the flaw may be related to how the server handles component initialization or management processes. The fact that this affects multiple major version streams indicates a fundamental architectural issue rather than a simple coding error that might be isolated to a specific release.

The operational implications extend beyond simple service disruption as database availability is fundamental to most enterprise applications and services. Organizations running affected MySQL versions face potential business continuity issues when this vulnerability is exploited, particularly in mission-critical environments where database uptime is essential. The high privilege requirement suggests that the vulnerability might be exploitable through compromised accounts or insider threats rather than purely external attacks, making it particularly concerning for organizations with weak privilege controls or insider threat vulnerabilities. This aligns with ATT&CK framework concepts related to privilege escalation and persistence mechanisms where attackers with elevated access can leverage such weaknesses to cause service disruption.

Security teams should prioritize patching affected systems as soon as possible since the vulnerability's ease of exploitation combined with its availability impact makes it attractive to threat actors seeking to disrupt services. The vulnerability's presence across multiple version ranges including the latest major releases indicates that organizations should conduct comprehensive inventory assessments to identify all affected systems. Mitigation strategies should include implementing network segmentation to limit access to MySQL services, enforcing strict privilege controls, and monitoring for unusual connection patterns or service disruptions that might indicate exploitation attempts. Organizations should also consider implementing intrusion detection systems capable of identifying potential exploitation attempts targeting this specific vulnerability. The vulnerability's impact on component services suggests that proper monitoring of service health and component initialization processes should be part of the overall security posture. Compliance with industry standards such as those outlined in the CWE database regarding component service management and availability protection should be reviewed to ensure proper controls are in place. Organizations should also consider implementing automated patch management processes to reduce the window of exposure for such vulnerabilities. The CVSS scoring indicates that while the attack complexity is low, the availability impact is significant enough that organizations should treat this as a medium to high priority vulnerability requiring immediate attention and remediation.

Responsible

Oracle

Reservation

06/12/2025

Disclosure

07/15/2025

Moderation

accepted

CPE

ready

EPSS

0.00517

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!