CVE-2025-21520

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior

Description A difficult to exploit issue allows a high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized read access to a subset of MySQL Server accessible data.

Recommendations For MySQL Server versions 8.0.40 and prior, update to a version later than 8.0.40 to resolve the issue. For MySQL Server versions 8.4.3 and prior, update to a version later than 8.4.3 to resolve the issue. For MySQL Server versions 9.1.0 and prior, update to a version later than 9.1.0 to resolve the issue.

Fix

DoS

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALSA-2025:1671

ALSA-2025:1673

ALT-PU-2025-2529

ALT-PU-2025-2654

ALT-PU-2025-6390

BDU:2025-06263

CESA-2025_1673

CVE-2025-21520

INFSA-2025_1671

INFSA-2025_1673

OESA-2025-1103

RHSA-2025:1671

RHSA-2025:1673

RHSA-2025_1671

RHSA-2025_1673

RLSA-2025:1671

RLSA-2025:1673

Affected Products

Alt Linux

Almalinux

Centos

Mysql Server

Red Hat

Rocky Linux

CVE-2025-21520

Weakness Enumeration

Related Identifiers

Affected Products

References · 194