CVE-2025-21494: 
MySQL vulnerability analysis and mitigation

CVE-2025-21494 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Security: Privileges component. The vulnerability affects MySQL Server versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. This vulnerability was disclosed on January 21, 2025 (NVD, Oracle CPU).

The vulnerability is classified as difficult to exploit and requires a high-privileged attacker with logon access to the infrastructure where MySQL Server executes. It has been assigned a CVSS 3.1 Base Score of 4.1, indicating medium severity, with the following vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability specifically impacts the availability of the system, with no direct impact on confidentiality or integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability, with no reported effects on data confidentiality or integrity (NVD, FortiGuard).

Oracle has addressed this vulnerability in their January 2025 Critical Patch Update. Users are strongly advised to upgrade affected MySQL Server installations to the latest available versions. The vulnerability affects versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior (Oracle CPU).