CVE-2025-21521: 
MySQL vulnerability analysis and mitigation

A vulnerability (CVE-2025-21521) was discovered in Oracle MySQL Server's Thread Pooling component affecting versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. The vulnerability was disclosed on January 21, 2025. This easily exploitable vulnerability allows unauthenticated attackers with network access to compromise MySQL Server via multiple protocols (NVD, Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (High severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is related to the Thread Pooling component of MySQL Server and has been classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability primarily impacts system availability, with no direct effects on confidentiality or integrity (NVD).

Oracle has released patches to address this vulnerability in their January 2025 Critical Patch Update. Users are strongly advised to update their MySQL Server installations to the latest patched versions (Oracle CPU).