CVE-2025-21523: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) identified as CVE-2025-21523. The vulnerability affects MySQL Server versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. This security issue was disclosed on January 21, 2025, and received patches through Oracle's Critical Patch Update of January 2025 (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is characterized as easily exploitable by an attacker with high privileges and network access via multiple protocols (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only impacts availability, with no effects on confidentiality or integrity (Oracle CPU).

Oracle has released patches to address this vulnerability in MySQL version 8.0.41. Ubuntu has also released security updates (USN-7245-1) with fixed versions: 8.0.41-0ubuntu0.24.10.1 for Ubuntu 24.10, 8.0.41-0ubuntu0.24.04.1 for Ubuntu 24.04 LTS, 8.0.41-0ubuntu0.22.04.1 for Ubuntu 22.04 LTS, and 8.0.41-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS (Ubuntu Security).