CVE-2025-21555: 
MySQL vulnerability analysis and mitigation

A vulnerability (CVE-2025-21555) was discovered in the MySQL Server product, specifically affecting the InnoDB component. The vulnerability affects MySQL Server versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. This security issue was disclosed on January 21, 2025 (Red Hat Portal, Oracle Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5, indicating a moderate severity level. The attack vector is Network-based with Low attack complexity, requiring High privileges and No user interaction. The scope is Unchanged, with No impact on confidentiality, Low impact on integrity, and High impact on availability. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H (Red Hat Portal).

The vulnerability allows a high-privileged attacker to cause a denial of service condition, resulting in frequent crashes or hangs of the MySQL Server. Additionally, it enables unauthorized modification of accessible data, including the ability to update, insert, or delete data via multiple network protocols (Red Hat Portal).

Oracle has addressed this vulnerability in their January 2025 Critical Patch Update. Users are advised to upgrade to the latest supported versions of MySQL Server that include the security fix (Oracle Advisory).