CVE-2025-21566

6.5 MEDIUM

📋 TL;DR

This vulnerability in the Server: Optimizer component of Oracle MySQL Server allows an authenticated attacker with low privileges and network access to cause a denial of service: a hang or a frequently repeatable crash of mysqld. It affects MySQL Server 9.1.0 and earlier. Attack complexity is low, the server is reachable over multiple network protocols, and no user interaction is required, so any account that can log in is enough to trigger it.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 9.1.0 and prior
Operating Systems: All operating systems running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated, low-privileged account reachable over the network (e.g., the MySQL client protocol, default port 3306). Unauthenticated attackers cannot trigger it, so exposure is driven by who holds valid credentials and where the port is reachable from.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of MySQL Server leading to application downtime and service disruption.

🟠

Likely Case

Frequent server crashes requiring manual restarts, causing intermittent service outages.

🟢

If Mitigated

Limited impact if network access is restricted and proper authentication controls are in place.

🌐 Internet-Facing: HIGH - Exploitable remotely with any valid low-privileged account and no user interaction; a MySQL port exposed to the Internet together with leaked, shared or guessable application credentials is the realistic path.
🏢 Internal Only: MEDIUM - Any internal user, or any compromised application account, with low privileges can still take the server down.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: network attack vector, low attack complexity, low-privileged credentials required, no user interaction, and availability impact only (no confidentiality or integrity loss). Oracle publishes no exploit details, so "Weaponized" stays unknown.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: The Oracle Critical Patch Update Advisory for January 2025 names the fixed release for each supported MySQL Server line; upgrade to the release listed there for the line you run.

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2025.html

Restart Required: Yes

Instructions:

  1. Review the Oracle Critical Patch Update Advisory for January 2025 and identify the fixed MySQL Server release for your version line.
  2. Apply that release to every affected server (in place or via your package manager), starting with Internet-reachable and shared-credential instances.
  3. Restart the MySQL service after patching; the fix is not active until mysqld is running on the new binary.

🔧 Temporary Workarounds

Restrict Network Access

Applies to: all platforms

Limit MySQL server access to trusted hosts only. Note that bind-address controls which local interface mysqld listens on; it does not restrict which clients may connect, so pair it with firewall rules (and host-scoped accounts such as 'app'@'10.0.1.%') for client-side filtering.

Set bind-address in my.cnf to the interface trusted clients reach (not 0.0.0.0 or ::)
Use firewall rules to restrict the MySQL port (default 3306) to trusted source addresses

Minimize User Privileges

Applies to: all platforms

Apply the principle of least privilege to MySQL accounts. Because the flaw sits in the optimizer and is reachable by a low-privileged user, pruning privileges mainly shrinks the set of accounts an attacker can authenticate as; do not assume it stops an already-authenticated user from triggering the crash.

REVOKE privileges that low-privileged accounts do not need
GRANT only the permissions required, scoped to specific databases or tables, and bind accounts to the hosts they connect from
Drop or lock unused accounts so they cannot be used to reach the server at all

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules so only application hosts can reach the MySQL port
  • Monitor for unusual connection patterns and server crash events, and alert on every mysqld restart
  • Have the service manager restart mysqld on failure (for example systemd Restart=on-failure) to shorten each outage; this limits downtime but does not remove the vulnerability

🔍 How to Verify

Check if Vulnerable:

Run SELECT VERSION(); from a client (or mysql --version on the server). If the reported version is 9.1.0 or earlier, the server is in the affected range stated here; confirm the exact affected and fixed releases for your version line in the Oracle advisory before closing the finding.

Check Version:

mysql --version or SELECT VERSION();

Verify Fix Applied:

Confirm that SELECT VERSION(); reports the fixed release named in the Oracle January 2025 CPU for your MySQL line (later than 9.1.0 for the 9.x line), and that mysqld was restarted after the upgrade so the new binary is actually the one serving connections.
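
A fleet audit of version strings, as an added example that is not part of the original page or of Oracle's tooling. It parses the output of SELECT VERSION() or mysql --version (including distro and edition suffixes), compares numerically against the 9.1.0 ceiling this page states, and buckets hosts by status. The host names and version strings are constructed; whether earlier 8.0.x/8.4.x releases fall under the advisory's "9.1.0 and prior" wording is for the Oracle CPU to settle, so treat any result for those lines as a prompt to check the advisory rather than a verdict:

```python
import re
from typing import Dict, List, Optional, Tuple

# Highest version this page reports as affected ("9.1.0 and prior").
# The Oracle CPU advisory is authoritative for both the affected range and
# the fixed release of each MySQL line; this constant only encodes the
# page's statement.
MAX_AFFECTED = (9, 1, 0)

_TRIPLE_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a VERSION() value or client banner.

    Handles suffixes such as '9.1.0-commercial' or '8.0.40-0ubuntu0.22.04.1'
    and banners like 'mysql  Ver 9.1.0 for Linux on x86_64 (...)'.
    Returns None for MariaDB (a different product, not covered by this
    advisory) or when no x.y.z triple is present.
    """
    if "mariadb" in text.lower():
        return None
    m = _TRIPLE_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True if the version is <= 9.1.0, False if newer, None if unparseable.

    Tuples compare numerically, so 9.10.0 correctly sorts above 9.2.0; a
    plain string comparison would get that wrong.
    """
    version = parse_mysql_version(text)
    if version is None:
        return None
    return version <= MAX_AFFECTED


def audit(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts into 'affected', 'not_affected' and 'unknown'."""
    buckets: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, version_text in inventory.items():
        status = is_affected(version_text)
        key = "unknown" if status is None else ("affected" if status else "not_affected")
        buckets[key].append(host)
    return buckets


# Constructed sample inventory (hypothetical hosts), not data from any real environment.
SAMPLE_INVENTORY = {
    "db-01": "9.1.0",
    "db-02": "9.1.0-commercial",
    "db-03": "mysql  Ver 9.2.0 for Linux on x86_64 (MySQL Community Server - GPL)",
    "db-04": "9.10.0",
    "db-05": "mysql  Ver 15.1 Distrib 10.11.6-MariaDB, for debian-linux-gnu",
    "db-06": "not a version string",
}

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the real VERSION() values collected from each host; anything in the "unknown" bucket needs a manual look, since an unparseable banner is usually a different product or a wrapper script rather than a safe server.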

📡 Detection & Monitoring

Log Indicators:

  • MySQL error log entries marking a crash ("mysqld got signal N", "Assertion failure") or an unexpected restart (a new "starting as process" banner with no planned maintenance)
  • Authentication failures from unusual sources (credential guessing that could precede an authenticated attack)
  • Process or service-manager monitoring showing repeated mysqld restarts

Network Indicators:

  • Unusual traffic patterns to the MySQL port (default 3306), especially from hosts that are not known application servers
  • Repeated connections from a single source whose sessions end at the same moment the server goes down

SIEM Query:

source="mysql.log" ("mysqld got signal" OR "Assertion failure" OR "segmentation fault")

Exclude the routine "Aborted connection" warning (a client that dropped without sending QUIT), which is noise rather than a crash indicator, and alert separately when the startup banner "starting as process" recurs several times within a few minutes.
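
The same detection carried into a log parser, as an added example that is not part of the original page or of any MySQL tooling. It scans error-log lines for the crash signatures above, carries each crash report's timestamp onto its untimestamped continuation lines, and flags bursts of server restarts inside a short window, which is the "frequently repeatable crash" pattern this CVE produces. The log excerpt is constructed in the shape of a MySQL 9.x error log (the message codes, PIDs and addresses are made up); the ten-minute window and three-restart threshold are assumptions to tune for your environment:

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Iterator, List, Optional, Tuple

# Crash signatures in the MySQL error log. "mysqld got signal N" is printed by
# the server's fatal-signal handler; "Assertion failure" covers debug aborts.
# The common "Aborted connection" warning is a client disconnect, not a crash,
# so "aborted" is deliberately not matched.
CRASH_RE = re.compile(r"mysqld got signal \d+|Assertion failure|segmentation fault", re.IGNORECASE)
# Startup banner; every occurrence after the first is a restart.
START_RE = re.compile(r"starting as process (\d+)")
# MySQL 8.0+/9.x error-log lines begin with an ISO-8601 UTC timestamp.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z")


def _timestamped(lines: List[str]) -> Iterator[Tuple[Optional[datetime], str]]:
    """Yield (timestamp, line), carrying the last seen timestamp forward onto
    continuation lines of a crash report, which carry none of their own."""
    last: Optional[datetime] = None
    for line in lines:
        m = TS_RE.match(line)
        if m:
            last = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        yield last, line


def find_crashes(lines: List[str]) -> List[Tuple[Optional[datetime], str]]:
    """Return (timestamp, matched signature) for every crash indicator."""
    hits = []
    for ts, line in _timestamped(lines):
        m = CRASH_RE.search(line)
        if m:
            hits.append((ts, m.group(0)))
    return hits


def restart_bursts(lines: List[str], window: timedelta = timedelta(minutes=10),
                   threshold: int = 3) -> List[Tuple[datetime, int]]:
    """Find clusters of at least `threshold` server starts inside one window.

    One restart is routine maintenance; several within minutes is the
    repeatable-crash pattern. Returns (time of first start in burst, count).
    """
    starts = [ts for ts, line in _timestamped(lines) if ts and START_RE.search(line)]
    bursts: List[Tuple[datetime, int]] = []
    i = 0
    while i < len(starts):
        j = i
        while j + 1 < len(starts) and starts[j + 1] - starts[i] <= window:
            j += 1
        count = j - i + 1
        if count >= threshold:
            bursts.append((starts[i], count))
            i = j + 1  # do not report the same starts twice
        else:
            i += 1
    return bursts


# Constructed sample in the shape of a MySQL 9.x error log; not a real capture.
SAMPLE_ERROR_LOG = """\
2025-01-21T10:00:01.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 1201
2025-01-21T10:00:02.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '9.1.0'  port: 3306  MySQL Community Server - GPL.
2025-01-21T10:15:30Z UTC - mysqld got signal 11 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
Thread pointer: 0x7f3e9c000b70
2025-01-21T10:15:35.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 1340
2025-01-21T10:16:10Z UTC - mysqld got signal 11 ;
2025-01-21T10:16:15.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 1388
2025-01-21T10:17:02Z UTC - mysqld got signal 11 ;
2025-01-21T10:17:07.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 1420
"""

if __name__ == "__main__":
    log_lines = SAMPLE_ERROR_LOG.splitlines()
    for ts, sig in find_crashes(log_lines):
        print(f"crash  {ts.isoformat() if ts else '?'}  {sig}")
    for first, count in restart_bursts(log_lines):
        print(f"ALERT  {count} restarts within 10 min starting {first.isoformat()}")
```

Point it at the real error log (the file named by log_error, or the journal when mysqld logs to stderr under systemd). The first start in the sample is a normal boot and is not reported; the three restarts within two minutes are, which is the signal to correlate with who was connected at each crash time.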
