CVE-2025-21574: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser) affects versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. The vulnerability was disclosed on April 15, 2025, and received a CVSS 3.1 Base Score of 6.5 (Medium severity) (NVD, Oracle CPU).

The vulnerability exists in the Server Parser component of MySQL Server. It is easily exploitable by a low-privileged attacker with network access via multiple protocols. The vulnerability has a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, low privileges required, no user interaction needed, unchanged scope, and high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of MySQL Server. The vulnerability only affects availability, with no impact on confidentiality or integrity (NVD).

Oracle has released patches for the affected versions as part of the April 2025 Critical Patch Update. Users are strongly advised to update to the latest patched versions. Until patches can be applied, organizations should consider restricting network access to MySQL Server instances and limiting user privileges (Oracle CPU).