CVE-2025-21588: 
MySQL vulnerability analysis and mitigation

A vulnerability (CVE-2025-21588) was discovered in Oracle MySQL Server's DML component affecting versions 8.4.0-8.4.4 and 9.0.0-9.2.0. The vulnerability was disclosed on April 15, 2025, as part of Oracle's Critical Patch Update. This is an easily exploitable vulnerability that allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The scoring indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, has unchanged scope, and affects only availability with no impact on confidentiality or integrity (Oracle CPU, NetApp Advisory).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The impact is limited to availability, with no compromise of data confidentiality or integrity (Oracle CPU, NetApp Advisory).

Oracle has released patches for the affected versions as part of the April 2025 Critical Patch Update. Organizations are strongly recommended to apply these security patches as soon as possible to address the vulnerability. Until patches can be applied, organizations should consider restricting network access to MySQL Server instances and limiting high-privilege account access (Oracle CPU).