CVE-2025-21504: 
MySQL vulnerability analysis and mitigation

A vulnerability (CVE-2025-21504) was discovered in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Optimizer component. The affected versions include MySQL Server 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. This vulnerability was disclosed on January 21, 2025 (NVD, Oracle CPU).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. It has been assigned a CVSS 3.1 Base Score of 4.9 (Medium) with the vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is related to resource allocation without limits or throttling (CWE-770) (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of MySQL Server. The impact is primarily focused on availability, with no direct effects on confidentiality or integrity (NVD).

Oracle has released patches as part of its January 2025 Critical Patch Update. Users are strongly advised to update their MySQL Server installations to the latest patched versions. The update addresses this vulnerability along with other security issues (Oracle CPU).