CVE-2025-21520 (GCVE-0-2025-21520)
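Vulnerability from cvelistv5 – Published: 2025-01-21 20:53 – Updated: 2025-11-03 20:57
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data.
Note: this summary names only MySQL Cluster, but the record's affected list below also covers MySQL Server (8.0.40 and prior, 8.4.3 and prior, 9.1.0 and prior), and its CNA description names the Server: Options component, so check both products when triaging.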
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | MySQL Cluster | Affected: * , ≤ 7.6.32 (custom); Affected: * , ≤ 8.0.40 (custom); Affected: * , ≤ 8.4.3 (custom); Affected: * , ≤ 9.1.0 (custom). CPEs: `cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*` `cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*` `cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*` `cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T18:35:04.827489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T18:35:43.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:46.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*"
],
"product": "MySQL Cluster",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "7.6.32",
"status": "affected",
"version": "*",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0.40",
"status": "affected",
"version": "*",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.4.3",
"status": "affected",
"version": "*",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*"
],
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "8.0.40",
"status": "affected",
"version": "*",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.4.3",
"status": "affected",
"version": "*",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:53:04.217Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21520",
"datePublished": "2025-01-21T20:53:04.217Z",
"dateReserved": "2024-12-24T23:18:54.766Z",
"dateUpdated": "2025-11-03T20:57:46.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21520\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-22T18:35:04.827489Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-22T18:35:38.770Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 1.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*\"], \"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Cluster\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.6.32\"}, {\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.40\"}, {\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.4.3\"}, {\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1.0\"}]}, {\"cpes\": 
[\"cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*\"], \"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.40\"}, {\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.4.3\"}, {\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1.0\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2025.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2025-01-21T20:53:04.217Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-21520\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-22T18:35:43.370Z\", \"dateReserved\": \"2024-12-24T23:18:54.766Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2025-01-21T20:53:04.217Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0054
Vulnerability from certfr_avis - Published: 2025-01-22 - Updated: 2025-01-22
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Enterprise Backup version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Options) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Options) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Information Schema) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Parser) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.36 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Parser) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Information Schema) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Performance Schema) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Performance Schema) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Connectors (Connector/Python) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Information Schema) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 7.6.32 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Firewall (Firewall) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Firewall (Firewall) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Firewall (Firewall) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Parser) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Performance Schema) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Options) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.39 et antérieures |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Enterprise Backup version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Information Schema) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.36 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Information Schema) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Performance Schema) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Performance Schema) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/Python) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Information Schema) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 7.6.32 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Firewall (Firewall) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Firewall (Firewall) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Firewall (Firewall) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Performance Schema) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2025-21494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21494"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2025-21566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21566"
},
{
"name": "CVE-2025-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21534"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21521"
},
{
"name": "CVE-2025-21492",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21492"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2025-21495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21495"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21548"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2025-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21536"
},
{
"name": "CVE-2025-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21525"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2025-21504",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21504"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2025-21567",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21567"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
}
],
"initial_release_date": "2025-01-22T00:00:00",
"last_revision_date": "2025-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0054",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujan2025",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
CERTFR-2025-AVI-0661
Vulnerability from certfr_avis - Published: 2025-08-07 - Updated: 2025-08-07
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 25.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": " AppDynamics On-Premise Enterprise Console versions ant\u00e9rieures \u00e0 25.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-47601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47601"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2024-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2024-47545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-4761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
},
{
"name": "CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2024-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47602"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"name": "CVE-2024-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47774"
},
{
"name": "CVE-2023-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50186"
},
{
"name": "CVE-2024-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47599"
},
{
"name": "CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"name": "CVE-2024-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27888"
},
{
"name": "CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2023-6992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6992"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2024-47778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-47777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2024-47543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47543"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-47600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2024-47835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-47597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2024-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47598"
},
{
"name": "CVE-2024-47603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47603"
},
{
"name": "CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2024-47776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
},
{
"name": "CVE-2024-47834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47834"
},
{
"name": "CVE-2024-47775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"initial_release_date": "2025-08-07T00:00:00",
"last_revision_date": "2025-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0661",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0802",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0802"
},
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0801",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0801"
}
]
}
CNVD-2025-02312
Vulnerability from cnvd - Published: 2025-01-24
厂商已发布了漏洞修复程序,请及时关注更新: https://www.oracle.com/security-alerts/cpujan2025.html
| Name | ['Oracle MySQL Server <=8.0.40', 'Oracle MySQL Server <=8.4.', 'Oracle MySQL Server 9.1.0', 'Oracle MySQL Cluster <=7.6.32', 'Oracle MySQL Cluster <=8.0.40', 'Oracle MySQL Cluster <=8.4.3', 'Oracle MySQL Cluster <=9.1.0'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-21520",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-21520"
}
},
"description": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002MySQL Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6570\u636e\u5e93\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\n\nOracle MySQL\u7684MySQL Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8bbf\u95eeMySQL Server\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujan2025.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-02312",
"openTime": "2025-01-24",
"patchDescription": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002MySQL Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6570\u636e\u5e93\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\nOracle MySQL\u7684MySQL Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8bbf\u95eeMySQL Server\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2025-02312\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Oracle MySQL Server \u003c=8.0.40",
"Oracle MySQL Server \u003c=8.4.",
"Oracle MySQL Server 9.1.0",
"Oracle MySQL Cluster \u003c=7.6.32",
"Oracle MySQL Cluster \u003c=8.0.40",
"Oracle MySQL Cluster \u003c=8.4.3",
"Oracle MySQL Cluster \u003c=9.1.0"
]
},
"referenceLink": "https://www.oracle.com/security-alerts/cpujan2025.html",
"serverity": "\u4f4e",
"submitTime": "2025-01-24",
"title": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2025-02312\uff09"
}
CVE-2025-21520
Vulnerability from fstec - Published: 21.01.2025
{
"CVSS 2.0": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"CVSS 3.0": "AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), \u0434\u043e 7.6.32 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Cluster), \u0434\u043e 8.0.40 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Cluster), \u0434\u043e 8.4.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Cluster), \u0434\u043e 8.0.40 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 8.4.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 9.1.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 9.1.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Cluster)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2025.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2025-21520\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.06.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-06263",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-21520",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), MySQL Cluster, MySQL Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server:Options \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL Server \u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Cluster:General \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL Cluster, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (CWE-732)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server:Options \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL Server \u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Cluster:General \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL Cluster \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0438\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/security-alerts/cpujan2025.html\nhttps://access.redhat.com/security/cve/cve-2025-21520\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-732",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,8)"
}
GHSA-394G-2WXX-RV2J
Vulnerability from github – Published: 2025-01-21 21:30 – Updated: 2025-11-03 21:32
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2025-21520"
],
"database_specific": {
"cwe_ids": [
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T21:15:17Z",
"severity": "LOW"
},
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).",
"id": "GHSA-394g-2wxx-rv2j",
"modified": "2025-11-03T21:32:18Z",
"published": "2025-01-21T21:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21520"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250131-0004"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
cve-2025-21520
Vulnerability from osv_almalinux
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
- krb5: GSS message token handling (CVE-2024-37371)
- curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
- mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
- mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
- mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
- mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
- mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
- mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
- mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
- mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
- mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
- mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
- mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
- mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
- mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
- mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
- curl: curl netrc password leak (CVE-2024-11053)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
- mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
- mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
- mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
- mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
- mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
- mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
- mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
- mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
- mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
- mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
- mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
- mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
- mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
- mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
- mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
- mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.996-2.module_el8.6.0+3340+d764b636"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-17.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mecab-ipadic-EUCJP"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0.20070801-17.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-1.module_el8.10.0+3965+b415b607"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. \n\nSecurity Fix(es): \n\n * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)\n * krb5: GSS message token handling (CVE-2024-37371)\n * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)\n * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)\n * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)\n * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)\n * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)\n * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)\n * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)\n * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)\n * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)\n * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)\n * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)\n * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)\n * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)\n * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)\n * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)\n * curl: curl netrc password leak (CVE-2024-11053)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)\n * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)\n * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)\n * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)\n * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)\n * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)\n * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)\n * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)\n * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)\n * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)\n * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)\n * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)\n * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)\n * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)\n * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)\n * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)\n * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:1673",
"modified": "2025-02-20T11:16:10Z",
"published": "2025-02-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:1673"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-11053"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21193"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21194"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21196"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21197"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21198"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21199"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21201"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21203"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21212"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21213"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21218"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21219"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21230"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21231"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21236"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21237"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21238"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21239"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21241"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-37371"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5535"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-7264"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21490"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21491"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21497"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21500"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21501"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21503"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21504"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21505"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21518"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21519"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21520"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21521"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21522"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21523"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21525"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21529"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21531"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21534"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21536"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21543"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21546"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21555"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21559"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2294581"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2294676"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2301888"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318857"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318858"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318870"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318873"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318874"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318876"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318882"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318883"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318884"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318885"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318886"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318897"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318900"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318905"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318914"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318922"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318923"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318925"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318926"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318927"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331191"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339218"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339220"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339226"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339231"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339236"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339238"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339243"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339247"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339252"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339259"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339266"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339270"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339271"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339275"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339277"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339281"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339293"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339295"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339299"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339300"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339304"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339305"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-1673.html"
}
],
"related": [
"CVE-2024-5535",
"CVE-2024-37371",
"CVE-2024-7264",
"CVE-2024-21238",
"CVE-2024-21196",
"CVE-2024-21241",
"CVE-2024-21231",
"CVE-2024-21197",
"CVE-2024-21218",
"CVE-2024-21201",
"CVE-2024-21236",
"CVE-2024-21237",
"CVE-2024-21203",
"CVE-2024-21212",
"CVE-2024-21219",
"CVE-2024-21230",
"CVE-2024-21213",
"CVE-2024-21194",
"CVE-2024-21199",
"CVE-2024-21193",
"CVE-2024-21198",
"CVE-2024-21247",
"CVE-2024-21239",
"CVE-2024-11053",
"CVE-2025-21497",
"CVE-2025-21520",
"CVE-2025-21490",
"CVE-2025-21529",
"CVE-2025-21531",
"CVE-2025-21504",
"CVE-2025-21540",
"CVE-2025-21555",
"CVE-2025-21543",
"CVE-2025-21491",
"CVE-2025-21525",
"CVE-2025-21536",
"CVE-2025-21521",
"CVE-2025-21501",
"CVE-2025-21534",
"CVE-2025-21494",
"CVE-2025-21519",
"CVE-2025-21522",
"CVE-2025-21503",
"CVE-2025-21518",
"CVE-2025-21559",
"CVE-2025-21546",
"CVE-2025-21500",
"CVE-2025-21523",
"CVE-2025-21505"
],
"summary": "Important: mysql:8.0 security update"
}
cve-2025-21520
Vulnerability from osv_almalinux
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
- openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
- krb5: GSS message token handling (CVE-2024-37371)
- curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
- mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
- mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
- mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
- mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
- mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
- mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
- mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
- mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
- mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
- mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
- mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
- mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
- mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
- mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
- curl: curl netrc password leak (CVE-2024-11053)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
- mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
- mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
- mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
- mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
- mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
- mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
- mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
- mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
- mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
- mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
- mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
- mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
- mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
- mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
- mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
- mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
- mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mysql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.41-2.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. \n\nSecurity Fix(es): \n\n * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)\n * krb5: GSS message token handling (CVE-2024-37371)\n * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)\n * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)\n * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)\n * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)\n * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)\n * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)\n * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)\n * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)\n * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)\n * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)\n * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)\n * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)\n * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)\n * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)\n * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)\n * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)\n * curl: curl netrc password leak (CVE-2024-11053)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)\n * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)\n * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)\n * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)\n * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)\n * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)\n * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)\n * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)\n * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)\n * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)\n * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)\n * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)\n * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)\n * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)\n * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)\n * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)\n * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)\n * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)\n * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:1671",
"modified": "2025-02-20T14:55:32Z",
"published": "2025-02-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:1671"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-11053"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21193"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21194"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21196"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21197"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21198"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21199"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21201"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21203"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21212"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21213"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21218"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21219"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21230"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21231"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21236"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21237"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21238"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21239"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21241"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21247"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-37371"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5535"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-7264"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21490"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21491"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21497"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21500"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21501"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21503"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21504"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21505"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21518"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21519"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21520"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21521"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21522"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21523"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21525"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21529"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21531"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21534"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21536"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21543"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21546"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21555"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-21559"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2294581"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2294676"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2301888"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318857"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318858"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318870"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318873"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318874"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318876"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318882"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318883"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318884"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318885"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318886"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318897"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318900"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318905"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318914"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318922"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318923"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318925"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318926"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2318927"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331191"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339218"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339220"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339226"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339231"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339236"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339238"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339243"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339247"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339252"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339259"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339266"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339270"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339271"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339275"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339277"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339281"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339293"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339295"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339299"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339300"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339304"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2339305"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-1671.html"
}
],
"related": [
"CVE-2024-5535",
"CVE-2024-37371",
"CVE-2024-7264",
"CVE-2024-21238",
"CVE-2024-21196",
"CVE-2024-21241",
"CVE-2024-21231",
"CVE-2024-21197",
"CVE-2024-21218",
"CVE-2024-21201",
"CVE-2024-21236",
"CVE-2024-21237",
"CVE-2024-21203",
"CVE-2024-21212",
"CVE-2024-21219",
"CVE-2024-21230",
"CVE-2024-21213",
"CVE-2024-21194",
"CVE-2024-21199",
"CVE-2024-21193",
"CVE-2024-21198",
"CVE-2024-21247",
"CVE-2024-21239",
"CVE-2024-11053",
"CVE-2025-21497",
"CVE-2025-21520",
"CVE-2025-21490",
"CVE-2025-21529",
"CVE-2025-21531",
"CVE-2025-21504",
"CVE-2025-21540",
"CVE-2025-21555",
"CVE-2025-21543",
"CVE-2025-21491",
"CVE-2025-21525",
"CVE-2025-21536",
"CVE-2025-21521",
"CVE-2025-21501",
"CVE-2025-21534",
"CVE-2025-21494",
"CVE-2025-21519",
"CVE-2025-21522",
"CVE-2025-21503",
"CVE-2025-21518",
"CVE-2025-21559",
"CVE-2025-21546",
"CVE-2025-21500",
"CVE-2025-21523",
"CVE-2025-21505"
],
"summary": "Important: mysql security update"
}
FKIE_CVE-2025-21520
Vulnerability from fkie_nvd - Published: 2025-01-21 21:15 - Updated: 2025-11-03 21:18

| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_cluster | * | |
| oracle | mysql_server | * | |
| oracle | mysql_server | * | |
| oracle | mysql_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFAE8F8-2FAD-4A31-9AAD-93DCA1AA990E",
"versionEndIncluding": "7.6.32",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E28B08-50A1-422B-9181-191B6C40F226",
"versionEndIncluding": "8.0.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "075176A9-E7B6-4ED3-8E2D-5F5034853EFC",
"versionEndIncluding": "8.4.3",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9CBDD9-F240-4C17-9211-E16344DD6B12",
"versionEndIncluding": "9.1.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF091998-B545-474D-A31F-ED2C971AA64A",
"versionEndIncluding": "8.0.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B10E8F6D-041F-410A-90BA-461AD19DB569",
"versionEndIncluding": "8.4.3",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5CCDEC-E9CF-4D97-AA17-39DF462918AB",
"versionEndIncluding": "9.1.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Options). Las versiones compatibles afectadas son 8.0.40 y anteriores, 8.4.3 y anteriores y 9.1.0 y anteriores. Esta vulnerabilidad, que es dif\u00edcil de explotar, permite que un atacante con privilegios elevados y que inicie sesi\u00f3n en la infraestructura donde se ejecuta MySQL Server pueda comprometer MySQL Server. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server. Puntuaci\u00f3n base CVSS 3.1 1.8 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)."
}
],
"id": "CVE-2025-21520",
"lastModified": "2025-11-03T21:18:56.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2025-01-21T21:15:17.537",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.