PT-2025-23788 · Libcurl+6

Z2

Published: 2025-05-31 · Updated: 2026-05-18 · CVE-2025-5399

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libcurl versions prior to 8.0.0
Oracle MySQL versions 8.0.0 and earlier
Oracle MySQL versions 8.4.0 and earlier
Oracle MySQL versions 9.0.0 and earlier

Description

A flaw exists in the WebSocket code of libcurl where a malicious server can send a crafted packet, causing libcurl to enter an endless busy-loop. The application has no means to escape this loop other than terminating the thread or process, potentially leading to a denial-of-service (DoS) condition for applications using libcurl. This issue also affects Oracle MySQL through its dependency on libcurl within the Server:Packaging component. Successful exploitation can lead to a hang or frequent crashes of the MySQL Server.

Recommendations

libcurl versions prior to 8.0.0: Update to version 8.0.0 or later.
Oracle MySQL versions 8.0.0 and earlier: Update to a version later than 8.0.0.
Oracle MySQL versions 8.4.0 and earlier: Update to a version later than 8.4.0.
Oracle MySQL versions 9.0.0 and earlier: Update to a version later than 9.0.0.

Exploit

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALSA-2025:15699
ALSA-2025:16046
ALT-PU-2025-7807
BDU:2025-10234
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2025-5399
ECHO-0BD5-994D-5BB9
INFSA-2025_16046
JLSEC-2026-434
OPENSUSE-SU-2025:15213-1
RHSA-2025_16046
SUSE-SU-2025:03198-1
SUSE-SU-2025:20675-1
SUSE-SU-2025_03198-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
MySQL Server
Red Hat
SUSE
libcurl