CVE-2025-21559: 
MySQL vulnerability analysis and mitigation

CVE-2025-21559 is a vulnerability discovered in Oracle MySQL Server's InnoDB component. The vulnerability affects MySQL Server versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. This security issue was disclosed on January 21, 2025, and received a CVSS 3.1 Base Score of 5.5 (Medium severity) (NVD, Oracle Advisory).

The vulnerability is characterized by its network-based attack vector with low attack complexity, requiring high privileges but no user interaction. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H, indicating that while confidentiality impact is none, there are low integrity and high availability impacts. The vulnerability is considered easily exploitable by attackers with network access via multiple protocols (Oracle Advisory).

Successful exploitation of this vulnerability can result in two primary impacts: unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, and unauthorized access to modify MySQL Server accessible data through update, insert, or delete operations (NVD, Red Hat).

Oracle has released patches to address this vulnerability in the January 2025 Critical Patch Update. Users are advised to upgrade to MySQL version 8.0.41 or later versions that contain the security fix. Ubuntu has also released fixed versions: 8.0.41-0ubuntu0.24.10.1, 8.0.41-0ubuntu0.24.04.1, 8.0.41-0ubuntu0.22.04.1, and 8.0.41-0ubuntu0.20.04.1 (Ubuntu).