CVE-2025-21518: 
MySQL vulnerability analysis and mitigation

A vulnerability (CVE-2025-21518) has been identified in Oracle MySQL Server's Optimizer component. The affected versions include MySQL Server 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. This vulnerability was discovered by Jie Liang of WingTecher Lab of Tsinghua University and was publicly disclosed on January 21, 2025 (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is characterized as easily exploitable and requires a low-privileged attacker with network access via multiple protocols to compromise MySQL Server (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability primarily impacts system availability, with no direct effects on confidentiality or integrity (NVD).

Oracle has addressed this vulnerability in their January 2025 Critical Patch Update. Users are strongly advised to update to the latest version of MySQL Server that includes the security fix (Oracle CPU).