CVE-2025-21567
First published: Tue Jan 21 2025(Updated: )
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL | <9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-21567?
CVE-2025-21567 has been classified as a high severity vulnerability.
How do I fix CVE-2025-21567?
To fix CVE-2025-21567, upgrade your MySQL Server installation to a version greater than 9.1.0.
Who is affected by CVE-2025-21567?
CVE-2025-21567 affects users of Oracle MySQL Server version 9.1.0 and prior.
Can CVE-2025-21567 be exploited remotely?
Yes, CVE-2025-21567 is easily exploitable by low privileged attackers with network access.
What components of MySQL are impacted by CVE-2025-21567?
CVE-2025-21567 impacts the security privileges component of MySQL Server.
- agent/references
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/description
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/mysql