CVE-2025-21519: 
MySQL vulnerability analysis and mitigation

CVE-2025-21519 is a vulnerability discovered in Oracle MySQL Server (component: Server: Security: Privileges) affecting versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. The vulnerability was disclosed on January 21, 2025 (NVD, Oracle CPU).

This is a difficult to exploit vulnerability that allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates network-based attack vector, high attack complexity, high privileges required, no user interaction needed, unchanged scope, and high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability with no direct effects on confidentiality or integrity (NVD).

Oracle has released patches for affected versions through the January 2025 Critical Patch Update. Ubuntu has also released security updates, updating MySQL to version 8.0.41 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10 (Ubuntu Security).