CVE-2025-21503: 
MySQL vulnerability analysis and mitigation

CVE-2025-21503 is a vulnerability discovered in Oracle MySQL Server's InnoDB component. The vulnerability affects MySQL Server versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. It was disclosed on January 21, 2025, as part of Oracle's Critical Patch Update (Oracle CPU, Red Hat CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9, indicating a moderate severity level. The CVSS vector is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H), which indicates that the vulnerability can be exploited over the network, requires low attack complexity, demands high privileges, needs no user interaction, has unchanged scope, and only impacts system availability (Red Hat CVE).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only affects the availability of the system, with no impact on confidentiality or integrity (Red Hat CVE).

Oracle has released patches to address this vulnerability in the January 2025 Critical Patch Update. Users are advised to upgrade to MySQL version 8.0.41 which contains fixes for this vulnerability. Ubuntu has also released security updates (mysql-server-8.0 version 8.0.41) for various Ubuntu versions including 20.04 LTS, 22.04 LTS, 24.04 LTS, and 24.10 (Ubuntu Notice).