CVE-2025-21501

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior

Description The issue is related to the Server: Optimizer component of MySQL Server, which can be easily exploited by an attacker with low privileges and network access via multiple protocols. This can lead to unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, impacting its availability. The exploitation can occur remotely, allowing the attacker to potentially access or modify protected information and data through the MySQL network protocol.

Recommendations For versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue. For versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue. For versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue. As a temporary workaround, consider restricting network access to MySQL Server to minimize the risk of exploitation.