CVE-2025-21521

7.5 HIGH (CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, availability impact only)

📋 TL;DR

This vulnerability in the Thread Pooling component of MySQL Server lets an unauthenticated attacker with network access to the server cause a denial of service: a hang or a frequently repeatable crash. There is no confidentiality or integrity impact. It affects MySQL 8.0.39 and earlier, 8.4.2 and earlier, and 9.0.1 and earlier. Oracle rates it as easily exploitable and reachable "via multiple protocols".

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior (per Oracle's January 2025 Critical Patch Update)
Operating Systems: All platforms running an affected build
Default Config Vulnerable: ⚠️ Yes for MySQL Enterprise Edition servers that load the thread_pool plugin. Community Edition builds do not ship the plugin and run the default one-thread-per-connection model.
Notes: Oracle attributes the flaw to the Thread Pooling component. Treat every server on an affected version as needing the upgrade; a server that is not running the thread pool exposes less surface, but that is a mitigation, not a fix.

📦 What is this software?

MySQL Server is Oracle's relational database server, shipped as an open-source Community Edition and a commercial Enterprise Edition. The Thread Pool is a server plugin (thread_pool) that replaces the default one-thread-per-connection model with a fixed set of thread groups that schedule client connections; it is distributed with MySQL Enterprise Edition.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete unavailability of MySQL Server, leading to application downtime and service disruption.

🟠 Likely Case: Repeated server crashes or hangs requiring restarts, causing intermittent service outages for as long as the attacker keeps sending traffic.

🟢 If Mitigated: Limited impact where network segmentation and access controls keep untrusted hosts from reaching the MySQL port.

🌐 Internet-Facing: HIGH - Unauthenticated network access makes internet-facing instances highly vulnerable to DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this, but network controls reduce exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle describes this as 'easily exploitable' with unauthenticated network access via multiple protocols.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.40, 8.4.3, or 9.1.0 and later (there is no 9.0.2 release; 9.x is an innovation series, so 9.0.1 servers move to the next innovation release)

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2025.html

Restart Required: Yes

Instructions:

1. Obtain the fixed release for your edition and platform from Oracle (MySQL downloads or My Oracle Support for Enterprise Edition) or from your distribution's package repository; MySQL fixes ship as new server releases rather than standalone patches.
2. Upgrade the server binaries following Oracle's in-place upgrade procedure for your series (8.0, 8.4 LTS, or 9.x innovation).
3. Restart the MySQL service; the server runs its own upgrade steps on the data dictionary at first start, so check the error log for a clean startup.

🔧 Temporary Workarounds

Network Access Restriction

Platform: all

Restrict network access to MySQL Server to trusted IP addresses and application hosts only, and bind the server to an internal interface (bind_address) rather than all interfaces where the deployment allows it.

Configure firewall rules to limit access to the MySQL classic-protocol port (default 3306) and, if the X Plugin is enabled, the X Protocol port (default 33060).

Disable Thread Pooling

Platform: all

If the thread pool is not required for your deployment, stop loading the thread_pool plugin (remove the plugin-load-add=thread_pool.so or thread_pool.dll entry from my.cnf) so the server falls back to one-thread-per-connection.

Set thread_handling=one-thread-per-connection in my.cnf. thread_handling is read-only at runtime, so the change needs a restart, and dropping the pool changes connection scheduling under high concurrency; test the performance impact before applying it in production.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules so only application tiers and administrators can reach the MySQL port
  • Monitor the MySQL error log for crash and restart events and configure supervised restarts (for example systemd Restart=on-failure for mysqld); this shortens each outage but does not stop an attacker from repeating the crash

🔍 How to Verify

Check if Vulnerable:

Check the server version with 'SELECT VERSION();' and compare it against the affected ranges (8.0.0 to 8.0.39, 8.4.0 to 8.4.2, 9.0.0 to 9.0.1). Also check the thread_handling system variable: a value of loaded-dynamically means the thread_pool plugin is active, which is the configuration the advisory's component points at.

Check Version:

mysql -e "SELECT VERSION();"

Verify Fix Applied:

Verify the version is 8.0.40+, 8.4.3+, or 9.1.0+ after upgrading, and confirm the server came back up cleanly in the error log.
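The version comparison above is easy to get wrong by hand because build suffixes (-commercial, distribution revisions) and three separate release series are involved. The following is an added example for this advisory page, not code from Oracle or from the page: it parses the string returned by SELECT VERSION(), applies the fixed-release thresholds given above, and combines the result with the thread_handling value from SHOW VARIABLES into a triage verdict. Two assumptions are made and marked in the code: the EOL 8.1 to 8.3 innovation releases are treated as "prior to 8.4.2", and thread_handling equal to loaded-dynamically is taken as "thread pool active".

```python
"""Triage a MySQL server against the CVE-2025-21521 affected ranges.

Added example for this advisory; not code from Oracle or from the page.
Thresholds come from the advisory text: first fixed releases 8.0.40,
8.4.3 and 9.1.0 (the innovation release after 9.0.1).
"""
import re

# First fixed release per series. (ASSUMPTION) EOL innovation releases
# 8.1 to 8.3 are treated as "prior to 8.4.2" and compared against 8.4.3.
FIRST_FIXED_8_0 = (8, 0, 40)
FIRST_FIXED_8_X = (8, 4, 3)
FIRST_FIXED_9_X = (9, 1, 0)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) from a SELECT VERSION() result.

    Build suffixes such as '-commercial-advanced' or '-0ubuntu0.22.04.1'
    are ignored; anything that does not start with X.Y.Z is rejected.
    """
    m = VERSION_RE.match(version_string.strip())
    if not m:
        raise ValueError(f"unrecognised MySQL version: {version_string!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_string):
    """True when the version falls inside an affected range from the advisory."""
    major, minor, patch = parse_version(version_string)
    version = (major, minor, patch)
    if major == 8 and minor == 0:
        return version < FIRST_FIXED_8_0
    if major == 8:
        return version < FIRST_FIXED_8_X
    if major == 9:
        return version < FIRST_FIXED_9_X
    # 5.7 and older are not listed in the advisory's affected versions.
    return False


def exposure(version_string, thread_handling):
    """Combine version and the thread_handling variable into a verdict.

    thread_handling is the value shown by SHOW VARIABLES LIKE 'thread_handling'.
    (ASSUMPTION) 'loaded-dynamically' is the value set when the thread_pool
    plugin is active, and that is the component the advisory names.
    """
    if not is_vulnerable(version_string):
        return "patched"
    if thread_handling == "loaded-dynamically":
        return "vulnerable: thread pool active"
    return "vulnerable version, thread pool not in use: upgrade still required"


if __name__ == "__main__":
    # Constructed sample inputs, as they would be pasted from the mysql client.
    for ver, th in [("8.0.39-commercial", "loaded-dynamically"),
                    ("8.0.39-0ubuntu0.22.04.1", "one-thread-per-connection"),
                    ("8.4.3-commercial-advanced", "loaded-dynamically"),
                    ("9.0.1", "one-thread-per-connection")]:
        print(f"{ver:30} {th:28} -> {exposure(ver, th)}")
```

Feed it the output of mysql -e "SELECT VERSION();" and mysql -e "SHOW VARIABLES LIKE 'thread_handling';" from each host; a "patched" verdict for the version is the only result that closes the finding.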

📡 Detection & Monitoring

Log Indicators:

  • Crash handler output in the MySQL error log ("mysqld got signal N" followed by a stack trace)
  • Repeated server startups ("starting as process" entries) with no matching clean shutdown
  • Thread pool plugin error messages in the error log

Network Indicators:

  • Bursts of connection attempts to the MySQL port from a single source
  • Connections to MySQL from hosts outside the application tier

SIEM Query (Splunk-style, matching the strings MySQL actually writes; the literal word "crash" rarely appears in the error log):

source="mysql.log" AND ("mysqld got signal" OR "starting as process" OR "thread pool")

🔗 References

  • Oracle Critical Patch Update Advisory, January 2025: https://www.oracle.com/security-alerts/cpujan2025.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-21521