CVE-2025-50087 in MySQL Cluster
Summary
by MITRE • 07/15/2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 12/02/2025
The vulnerability identified as CVE-2025-50087 represents a significant security weakness within Oracle MySQL Server's optimizer component, specifically affecting versions ranging from 8.0.0 through 8.0.42, 8.4.0 through 8.4.5, and 9.0.0 through 9.3.0. This flaw exists within the server's query optimization mechanisms and operates under the Common Weakness Enumeration framework as a weakness related to improper handling of database query execution paths. The vulnerability's classification as easily exploitable indicates that attackers with high privileges and network access can leverage this weakness to compromise the database server's integrity. The CVSS 3.1 base score of 4.9 reflects the severity of the integrity impact, with the vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N indicating network-based exploitation requiring low complexity but high privileges, with no user interaction needed and universal scope.
The technical nature of this vulnerability stems from how the MySQL Server's optimizer processes certain query execution plans, potentially allowing maliciously crafted queries to bypass normal access controls or manipulate the execution flow in ways that could lead to unauthorized data modification. This type of vulnerability falls under the ATT&CK framework's technique T1078 for Valid Accounts and T1566 for Phishing, as attackers would need elevated privileges to exploit this weakness effectively, but once exploited could gain unauthorized access to critical data within the database system. The flaw specifically targets the server's optimizer component, which is responsible for determining the most efficient execution path for database queries, making it a particularly dangerous weakness since it affects the fundamental query processing mechanism that underpins all database operations.
Operationally, the impact of this vulnerability extends beyond simple data integrity concerns, as successful exploitation could enable attackers to create, delete, or modify critical database content without proper authorization. The potential for unauthorized modification access to all MySQL Server accessible data represents a severe threat to database security, particularly in environments where the optimizer component is actively used for complex query processing. Organizations running affected MySQL versions face significant risk of data compromise, with the vulnerability potentially enabling attackers to manipulate business-critical information, alter financial records, or modify user credentials stored within the database. The high privilege requirement for exploitation suggests that this vulnerability is likely to be targeted in scenarios involving compromised administrative accounts or insider threats, where attackers already possess elevated access levels within the database environment.
Mitigation strategies for CVE-2025-50087 should prioritize immediate patching of affected MySQL Server versions to the latest stable releases that contain the relevant security fixes. Organizations should also implement network segmentation and access controls to limit exposure of MySQL servers to untrusted networks, particularly focusing on reducing the attack surface for high-privilege accounts. Database administrators should conduct comprehensive audits of existing database access controls and privilege assignments, implementing the principle of least privilege to minimize potential damage from compromised accounts. Additionally, monitoring systems should be enhanced to detect unusual query patterns or optimization behaviors that might indicate exploitation attempts, while implementing database activity monitoring solutions that can alert on unauthorized data modification operations. The vulnerability's classification under CWE 284 (Improper Access Control) and its potential exploitation paths through ATT&CK techniques T1078 and T1566 emphasize the need for comprehensive security measures that address both the technical flaw and the broader threat landscape surrounding database security.