CVE-2025-21575 – A vulnerability in MySQL Server's parser compon... (How to Fix)

Q: What is the severity of CVE-2025-21575?

CVE-2025-21575 has a CVSS score of 6.5 (MEDIUM). A vulnerability in MySQL Server's parser component allows low-privileged attackers with network access to cause denial of service by crashing or hanging the server. This affects MySQL versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. Attackers need only low privileges and network connectivity via multiple protocols.

📋 TL;DR

A vulnerability in MySQL Server's parser component allows low-privileged attackers with network access to cause denial of service by crashing or hanging the server. This affects MySQL versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. Attackers need only low privileges and network connectivity via multiple protocols.

💻 Affected Systems

Products:

Oracle MySQL Server

Versions: 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0

Operating Systems: All platforms running affected MySQL versions

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the parser component; requires low privileged account and network access via MySQL protocols.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of MySQL Server leading to application downtime and service disruption.

🟠

Likely Case

Intermittent or sustained denial of service affecting database-dependent applications.

🟢

If Mitigated

Limited impact if network access is restricted and least privilege principles are enforced.

🌐 Internet-Facing: HIGH - Network accessible with low attack complexity and low privilege requirements.

🏢 Internal Only: MEDIUM - Still exploitable by internal users but requires network access to MySQL.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

CVSS indicates easily exploitable with low attack complexity; requires low privileged credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 8.0.41, 8.4.4, and 9.2.0 (check Oracle advisory for exact fixed versions)

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2025.html

Restart Required: Yes

Instructions:

1. Review Oracle CPU advisory for exact fixed versions. 2. Apply MySQL patches from Oracle. 3. Restart MySQL service. 4. Verify version update.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to MySQL Server to trusted hosts only.

# In MySQL my.cnf: bind-address = trusted_ip
# Use firewall: iptables -A INPUT -p tcp --dport 3306 -s trusted_ip -j ACCEPT

Least Privilege Enforcement

all

Minimize low-privileged accounts and restrict their permissions.

REVOKE ALL PRIVILEGES ON *.* FROM 'lowprivuser'@'%';
DROP USER 'lowprivuser'@'%';

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to limit MySQL access.
Apply principle of least privilege: remove unnecessary low-privileged accounts and limit existing ones.

🔍 How to Verify

Check if Vulnerable:

Check MySQL version: SELECT VERSION(); If version falls within affected ranges, system is vulnerable.

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

After patching, verify version is outside affected ranges and test server stability under load.

📡 Detection & Monitoring

Log Indicators:

Unexpected MySQL crashes or hangs in error logs
Multiple connection attempts from single low-privileged accounts

Network Indicators:

Unusual traffic patterns to MySQL port 3306 from untrusted sources
Repeated connection attempts with malformed queries

SIEM Query:

source="mysql_error.log" AND ("crash" OR "hang" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2025-21575

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 0.26% exploit probability (49.4th percentile)

Published: April 15, 2025

Last Updated: November 3, 2025

🔗 References

https://www.oracle.com/security-alerts/cpuapr2025.html Patch,Vendor Advisory
https://security.netapp.com/advisory/ntap-20250502-0006/

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21575, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mysql Cluster by Oracle

Mysql Cluster by Oracle

Mysql Cluster by Oracle

Mysql Cluster by Oracle

Mysql Server by Oracle

Mysql Server by Oracle

Mysql Server by Oracle

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Access Restriction

Least Privilege Enforcement

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities