CVE-2025-21585: 
MySQL vulnerability analysis and mitigation

CVE-2025-21585 is a vulnerability discovered in Oracle MySQL Server's Optimizer component. The affected versions include MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, and 9.0.0-9.2.0. This vulnerability was disclosed on April 15, 2025, as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is characterized by its network attack vector, low attack complexity, and requirement for high privileges. No user interaction is needed for exploitation, and the scope is unchanged (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of MySQL Server. The vulnerability only impacts availability, with no direct effects on confidentiality or integrity (Oracle CPU).

Oracle has released patches for the affected versions through their April 2025 Critical Patch Update. Users are strongly recommended to apply these security patches as soon as possible to address the vulnerability (Oracle CPU).

Multiple Linux distributions have acknowledged the vulnerability, including Red Hat Enterprise Linux 8 and 9, which have marked their MySQL packages as affected (Red Hat). Ubuntu has also classified this as a medium priority security issue (Ubuntu).