CVE-2025-21574
First published: Tue Apr 15 2025(Updated: )
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL | >=8.0.0<=8.0.41>=8.4.0<=8.4.4>=9.0.0<=9.2.0 | |
| Oracle MySQL Cluster | >=7.6.0<=7.6.33 | |
| Oracle MySQL Cluster | >=8.0.0<=8.0.41 | |
| Oracle MySQL Cluster | >=8.4.0<=8.4.4 | |
| Oracle MySQL Cluster | >=9.0.0<=9.2.0 | |
| MySQL | >=8.0.0<=8.0.41 | |
| MySQL | >=8.4.0<=8.4.4 | |
| MySQL | >=9.0.0<=9.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-21574?
CVE-2025-21574 is considered an easily exploitable vulnerability that can be leveraged by low privileged attackers.
How do I fix CVE-2025-21574?
To mitigate CVE-2025-21574, upgrade your MySQL Server to the latest version where the vulnerability is patched.
Which versions of MySQL Server are affected by CVE-2025-21574?
Affected versions include MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0.
What are the potential impacts of exploiting CVE-2025-21574?
Exploiting CVE-2025-21574 could allow attackers to compromise the MySQL Server with network access via multiple protocols.
How can I determine if my MySQL Server is vulnerable to CVE-2025-21574?
You can check the version of your MySQL Server against the affected versions listed for CVE-2025-21574.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/source
- agent/author
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/weakness
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- vendor/oracle
- canonical/mysql
- canonical/oracle mysql cluster
- version/oracle mysql cluster/7.6.0
- version/oracle mysql cluster/7.6.33
- version/oracle mysql cluster/8.0.0
- version/oracle mysql cluster/8.0.41
- version/oracle mysql cluster/8.4.0
- version/oracle mysql cluster/8.4.4
- version/oracle mysql cluster/9.0.0
- version/oracle mysql cluster/9.2.0
- version/mysql/8.0.0
- version/mysql/8.0.41
- version/mysql/8.4.0
- version/mysql/8.4.4
- version/mysql/9.0.0
- version/mysql/9.2.0