CVE-2025-21536: 
MySQL vulnerability analysis and mitigation

A vulnerability (CVE-2025-21536) was discovered in Oracle MySQL Server's Optimizer component, affecting versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior. The vulnerability was disclosed on January 21, 2025, and is tracked with a CVSS 3.1 Base Score of 4.9 (Medium severity) (Oracle CPU, NVD).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, high privileges required, no user interaction needed, and high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only impacts system availability, with no direct effects on confidentiality or integrity (Oracle CPU).

Oracle has addressed this vulnerability in their January 2025 Critical Patch Update. Users are strongly recommended to update their MySQL Server installations to versions newer than 8.0.39, 8.4.2, or 9.0.1 depending on their deployment version (Oracle CPU).