CVE-2025-21534: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in Oracle MySQL Server's Performance Schema component, tracked as CVE-2025-21534. The vulnerability affects MySQL Server versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. This security issue was disclosed on January 21, 2025, as part of Oracle's Critical Patch Update (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The technical assessment indicates that this is an easily exploitable vulnerability that requires high privileges and network access via multiple protocols to compromise MySQL Server (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The impact is primarily focused on availability, with no direct effects on confidentiality or integrity (NVD).

Oracle has released security patches as part of its January 2025 Critical Patch Update. Users are strongly advised to update to the latest version of MySQL Server to address this vulnerability. The patches are available through the official Oracle support channels (Oracle CPU).