CVE-2025-21520
Severity Score
1.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-12-24 CVE Reserved
- 2025-01-21 CVE Published
- 2025-01-22 CVE Updated
- 2025-01-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2025.html | 2025-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Cluster Search vendor "Oracle Corporation" for product "MySQL Cluster" | <= 7.6.32 Search vendor "Oracle Corporation" for product "MySQL Cluster" and version " <= 7.6.32" | en |
Affected
| ||||||
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Cluster Search vendor "Oracle Corporation" for product "MySQL Cluster" | <= 8.0.40 Search vendor "Oracle Corporation" for product "MySQL Cluster" and version " <= 8.0.40" | en |
Affected
| ||||||
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Cluster Search vendor "Oracle Corporation" for product "MySQL Cluster" | <= 8.4.3 Search vendor "Oracle Corporation" for product "MySQL Cluster" and version " <= 8.4.3" | en |
Affected
| ||||||
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Cluster Search vendor "Oracle Corporation" for product "MySQL Cluster" | <= 9.1.0 Search vendor "Oracle Corporation" for product "MySQL Cluster" and version " <= 9.1.0" | en |
Affected
| ||||||
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Server Search vendor "Oracle Corporation" for product "MySQL Server" | <= 8.0.40 Search vendor "Oracle Corporation" for product "MySQL Server" and version " <= 8.0.40" | en |
Affected
| ||||||
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Server Search vendor "Oracle Corporation" for product "MySQL Server" | <= 8.4.3 Search vendor "Oracle Corporation" for product "MySQL Server" and version " <= 8.4.3" | en |
Affected
| ||||||
| Oracle Corporation Search vendor "Oracle Corporation" | MySQL Server Search vendor "Oracle Corporation" for product "MySQL Server" | <= 9.1.0 Search vendor "Oracle Corporation" for product "MySQL Server" and version " <= 9.1.0" | en |
Affected
| ||||||