CVE-2025-53067: 
MySQL 脆弱性の分析と軽減

A vulnerability has been identified in Oracle MySQL Server's Optimizer component, tracked as CVE-2025-53067. The vulnerability affects MySQL Server versions 9.0.0 through 9.4.0. This security flaw was discovered by a researcher identified as 'yx' and was officially disclosed in Oracle's October 2025 Critical Patch Update (Oracle CPU).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9, indicating a medium severity level. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, which indicates network accessibility, low attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of MySQL Server. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (Oracle CPU).

Oracle has released patches for this vulnerability as part of its October 2025 Critical Patch Update. Users are strongly advised to update their MySQL Server installations to the latest patched versions. The update is available for all affected versions (9.0.0-9.4.0) (Oracle CPU).