CVE-2025-21580: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML) identified as CVE-2025-21580. The vulnerability affects MySQL Server versions 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. This vulnerability was disclosed on April 15, 2025, as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is easily exploitable and allows high privileged attackers with network access via multiple protocols to compromise MySQL Server. It has been assigned a CVSS 3.1 Base Score of 4.9, indicating a moderate severity level. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, which indicates network vector attack with low complexity, requiring high privileges but no user interaction (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of MySQL Server. The vulnerability only impacts availability, with no direct effect on confidentiality or integrity (Oracle CPU).

Oracle has released patches for this vulnerability as part of their April 2025 Critical Patch Update. Users are strongly advised to update their MySQL Server installations to the latest patched versions. The vulnerability affects multiple version ranges: 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0 (Oracle CPU).