PT-2024-10245 · Oracle+13 · Mysql Server+12
Published
2024-12-25
·
Updated
2026-04-02
·
CVE-2025-21490
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
MySQL Server versions 8.0.40 and prior
MySQL Server versions 8.4.3 and prior
MySQL Server versions 9.1.0 and prior
Description
The vulnerability in the MySQL Server product of Oracle MySQL, specifically in the InnoDB component, is related to insufficient authorization procedure due to incorrect input validation. This vulnerability can be easily exploited, allowing a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server.
Recommendations
For MySQL Server versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue.
For MySQL Server versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue.
For MySQL Server versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue.
As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.
Fix
DoS
Improper Authorization
Allocation of Resources Without Limits
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Mariadb Server
Mysql Server
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu