CVE-2025-50100: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling) affecting versions 8.0.0-8.0.42, 8.4.0-8.4.5, and 9.0.0-9.3.0. The vulnerability was disclosed on July 15, 2025, and is tracked as CVE-2025-50100 (Oracle Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 2.2 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L. The vulnerability requires network access and high privileges to exploit, with high attack complexity. No user interaction is required for exploitation, and the scope is unchanged. The vulnerability has no impact on confidentiality or integrity, but has a low impact on availability (NVD, Snyk).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. The impact is limited to availability, with no effect on confidentiality or integrity of the system (Oracle Advisory).

Oracle has addressed this vulnerability in their July 2025 Critical Patch Update. Users are advised to upgrade to the latest available versions of the affected MySQL Server components. The vulnerability affects multiple version ranges: 8.0.0-8.0.42, 8.4.0-8.4.5, and 9.0.0-9.3.0 (Oracle Advisory).