CVE-2025-21494

4.1 MEDIUM

📋 TL;DR

This vulnerability in MySQL Server's privilege management component allows authenticated attackers with high privileges to cause denial of service by crashing or hanging the server. It affects MySQL versions 8.0.39 and earlier, 8.4.2 and earlier, and 9.0.1 and earlier. Exploitation requires local access to the MySQL server infrastructure.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior
Operating Systems: All operating systems running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker with high database privileges and local access to MySQL server infrastructure

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete MySQL Server outage causing application downtime and service disruption

🟠 Likely Case: Intermittent service disruption requiring server restart

🟢 If Mitigated: Minimal impact due to existing access controls and monitoring

🌐 Internet-Facing: LOW - Requires local access to infrastructure
🏢 Internal Only: MEDIUM - Requires high-privileged database access but could impact critical services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires high privileges and local access

Oracle rates this as 'Difficult to exploit' with high privileges required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.40, 8.4.3, 9.0.2 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2025.html

Restart Required: Yes

Instructions:

1. Download the latest MySQL version from the Oracle website.
2. Back up databases.
3. Stop the MySQL service.
4. Install the updated version.
5. Start the MySQL service.
6. Verify version and functionality.

🔧 Temporary Workarounds

Restrict Local Access

Platform: all

Limit local system access to the MySQL server to authorized administrators only

# Use firewall rules to restrict network access to the MySQL port
sudo ufw deny from any to any port 3306
# Or, in my.cnf under [mysqld], bind the server to loopback only
bind-address = 127.0.0.1

Privilege Reduction

Platform: all

Review and reduce high-privilege database accounts to minimum required permissions

# Review current privileges
SHOW GRANTS FOR 'username'@'hostname';
# Revoke unnecessary privileges
REVOKE ALL PRIVILEGES ON *.* FROM 'username'@'hostname';
GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO 'username'@'hostname';

🧯 If You Can't Patch

  • Implement strict access controls to limit who has high-privilege database accounts
  • Deploy monitoring and alerting for MySQL crash/restart events

🔍 How to Verify

Check if Vulnerable:

Run SELECT VERSION(); and compare the result against the affected versions listed above

Check Version:

mysql --version (from the shell) or SELECT VERSION(); (from a MySQL session)

Verify Fix Applied:

After patching: SELECT VERSION(); should show 8.0.40+, 8.4.3+, or 9.0.2+
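The version comparison above is easy to get wrong by hand because each release branch (8.0, 8.4, 9.0) has its own cut-off. The following script, added here as an example and not part of the advisory, encodes the affected ranges stated on this page and classifies a version string taken from SELECT VERSION() or mysql --version output (distribution suffixes such as -0ubuntu0.22.04.1 are ignored). Branches the advisory does not list (for example 5.7 or 9.1) are reported as "unlisted" rather than guessed.

```python
import re

# Affected ranges exactly as stated in the advisory: per branch, the last
# vulnerable patch level and the first fixed release.
AFFECTED = {
    (8, 0): (39, 40),  # 8.0.39 and prior vulnerable; 8.0.40 fixed
    (8, 4): (2, 3),    # 8.4.2 and prior vulnerable; 8.4.3 fixed
    (9, 0): (1, 2),    # 9.0.1 and prior vulnerable; 9.0.2 fixed
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Extract (major, minor, patch) from SELECT VERSION() or `mysql --version` output.

    Handles plain '8.0.39', suffixed '8.0.39-0ubuntu0.22.04.1', and the
    client banner 'mysql  Ver 8.0.39 for Linux on x86_64 (...)'.
    """
    m = _VERSION_RE.search(version_string)
    if not m:
        raise ValueError(f"no MySQL version found in {version_string!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_string):
    """Return 'vulnerable', 'fixed' or 'unlisted' for CVE-2025-21494."""
    major, minor, patch = parse_version(version_string)
    branch = AFFECTED.get((major, minor))
    if branch is None:
        # Branch not named in the advisory; do not guess either way.
        return "unlisted"
    last_vulnerable, _first_fixed = branch
    return "vulnerable" if patch <= last_vulnerable else "fixed"


if __name__ == "__main__":
    import sys
    # Usage: echo "SELECT VERSION();" | mysql -N | python3 check_version.py
    # (the filename check_version.py is an assumption for this example)
    raw = sys.stdin.read() if not sys.stdin.isatty() else "8.0.39"
    print(f"{raw.strip()}: {assess(raw)}")
```

Feed the script the raw output of SELECT VERSION() rather than a hand-copied number, so the branch and patch level come from the running server, not from the package name.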

📡 Detection & Monitoring

Log Indicators:

  • MySQL crash logs
  • Unexpected service restarts
  • Error messages related to privilege operations

Network Indicators:

  • Unusual local connection patterns to MySQL
  • Multiple failed connection attempts from localhost

SIEM Query:

source="mysql.log" AND ("crash" OR "segmentation fault" OR "aborted")
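A keyword search like the SIEM query above finds individual crash lines but not the pattern that matters for a denial-of-service bug: the server repeatedly restarting. The script below, added here as an example and not part of the advisory, runs the same terms over a constructed MySQL 8 error-log sample and additionally parses the timestamps of "starting as process" lines to flag a crash loop (two or more starts inside a ten-minute window). The term "got signal" is an addition to the page's list, assumed here because that is how the MySQL error log itself reports a fatal signal; the sample log lines are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Terms from the advisory's SIEM query, plus "got signal" (assumed wording of
# the MySQL error log's own fatal-signal message).
CRASH_TERMS = ("crash", "segmentation fault", "aborted", "got signal")
START_TERM = "starting as process"
_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}Z)")

# Constructed sample: normal start, a crash, then two quick restarts.
SAMPLE_LOG = """\
2025-01-21T10:14:58.000001Z 0 [System] [Server] /usr/sbin/mysqld (mysqld 8.0.39) starting as process 1201
2025-01-21T10:15:02.000002Z 0 [System] [Server] /usr/sbin/mysqld: ready for connections.
2025-01-21T10:40:11.000003Z 0 [ERROR] [InnoDB] Assertion failure: ... aborted
10:40:11 UTC - mysqld got signal 6 ;
2025-01-21T10:40:20.000004Z 0 [System] [Server] /usr/sbin/mysqld (mysqld 8.0.39) starting as process 1302
2025-01-21T10:41:05.000005Z 0 [System] [Server] /usr/sbin/mysqld (mysqld 8.0.39) starting as process 1377
"""


def parse_timestamp(line):
    """Return the ISO-8601 timestamp at the start of a MySQL 8 log line, or None."""
    m = _TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ")


def find_crash_indicators(log_text):
    """Case-insensitive match of CRASH_TERMS; one hit per line: (line_no, term, line)."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        low = line.lower()
        for term in CRASH_TERMS:
            if term in low:
                hits.append((n, term, line))
                break
    return hits


def restart_times(log_text):
    """Timestamps of every server start recorded in the log."""
    times = []
    for line in log_text.splitlines():
        if START_TERM in line:
            ts = parse_timestamp(line)
            if ts is not None:
                times.append(ts)
    return times


def is_crash_loop(log_text, window=timedelta(minutes=10), threshold=2):
    """True if `threshold` or more starts fall within any `window`-long span."""
    times = sorted(restart_times(log_text))
    for i in range(len(times)):
        j = i
        # Advance j while times[j] is still inside the window opened at times[i].
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        if j - i >= threshold:
            return True
    return False


if __name__ == "__main__":
    for n, term, line in find_crash_indicators(SAMPLE_LOG):
        print(f"line {n}: matched {term!r}: {line}")
    print("restarts:", len(restart_times(SAMPLE_LOG)))
    print("crash loop:", is_crash_loop(SAMPLE_LOG))
```

Point the functions at the server's real error log (the path depends on the platform; /var/log/mysql/error.log is typical on Debian-based systems) and alert on is_crash_loop rather than on single keyword hits, since one "aborted" line after a planned shutdown is noise while repeated starts are not.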
