CVE-2025-21588

Updated: 2025-08-20 03:12:03.958519

Description:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 4.9

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU mysql 8.0.32 4.9 MEDIUM Ignored 2025-09-22 20:56:47 This issue is exploitable only by an already authenticated, high‑privileged MySQL user, meaning an...
Alpine Linux 3.18 ELS mysql 10.11.11 4.9 MEDIUM Ignored 2025-09-10 13:45:03 Ignored due to low severity
CentOS 6 ELS mysql 5.1.73 4.9 MEDIUM Not Vulnerable 2025-05-30 00:48:22
CentOS 8.4 ELS mysql 8.0.26 4.9 MEDIUM Not Vulnerable 2025-06-12 00:53:56
CentOS 8.5 ELS mysql 8.0.26 4.9 MEDIUM Not Vulnerable 2025-06-12 00:53:55
CentOS Stream 8 ELS mysql 8.0.26 4.9 MEDIUM Not Vulnerable 2025-06-12 00:53:55
CloudLinux 6 ELS mysql 5.1.73 4.9 MEDIUM Not Vulnerable 2025-05-30 00:48:21
Oracle Linux 6 ELS mysql 5.1.73 4.9 MEDIUM Not Vulnerable 2025-05-30 00:48:22
TuxCare 9.6 ESU mysql 8.0.43 4.9 MEDIUM Needs Triage 2025-12-09 21:04:39 This vulnerability is only exploitable by an authenticated attacker with high MySQL privileges, so a...
Ubuntu 20.04 ELS mysql 8.0.41 4.9 MEDIUM Not Vulnerable 2025-06-13 04:09:32