CVE-2025-21548: 
MySQL Connector Python vulnerability analysis and mitigation

A vulnerability has been identified in Oracle MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior. This vulnerability, tracked as CVE-2025-21548, was disclosed on January 21, 2025 (NVD, Oracle CPU).

The vulnerability is characterized as easily exploitable and requires a high-privileged attacker with network access via multiple protocols. The attack requires human interaction from a person other than the attacker. The vulnerability has received a CVSS 3.1 Base Score of 6.4 (Medium) with the vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all MySQL Connectors accessible data. Additionally, it can lead to unauthorized read access to a subset of MySQL Connectors accessible data and the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors (NVD).

Oracle has released security patches as part of its January 2025 Critical Patch Update. It is strongly recommended that customers apply these security patches as soon as possible (Oracle CPU).