CVE-2025-21567: 
MySQL vulnerability analysis and mitigation

CVE-2025-21567 is a security vulnerability discovered in Oracle MySQL Server (component: Server: Security: Privileges) affecting versions 9.1.0 and prior. The vulnerability was disclosed on January 21, 2025, and is characterized as an easily exploitable flaw that allows low-privileged attackers with network access to compromise MySQL Server via multiple protocols (NVD, Oracle CPUJan2025).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This scoring indicates network-based attack vector, low attack complexity, requires low privileges, no user interaction, unchanged scope, low confidentiality impact, and no impact on integrity or availability (NVD, Red Hat).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. The impact is limited to confidentiality, with no effects on system integrity or availability (NVD).

Oracle has released security patches as part of the January 2025 Critical Patch Update. Users are strongly recommended to apply these security patches as soon as possible. For systems that cannot be immediately patched, it may be possible to reduce risk by blocking network protocols required for the attack or removing privileges from users who don't require them (Oracle CPUJan2025).