CVE-2025-21505: 
MySQL vulnerability analysis and mitigation

CVE-2025-21505 is a vulnerability discovered in Oracle MySQL Server (component: Server: Components Services) affecting versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. The vulnerability was disclosed on January 21, 2025, and received a CVSS 3.1 Base Score of 4.9, indicating medium severity (NVD, Oracle CPU).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. It has been assigned a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating network attack vector, low attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity of the system (Oracle CPU).

Oracle has released patches for affected versions in the January 2025 Critical Patch Update. Ubuntu has also released updated packages (version 8.0.41) for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10 to address this vulnerability (Ubuntu Notice).