CVE-2025-50104: 
MySQL vulnerability analysis and mitigation

A vulnerability has been identified in the MySQL Server product of Oracle MySQL, specifically in the Server: DDL component. The affected versions include MySQL Server 8.0.0-8.0.42, 8.4.0-8.4.5, and 9.0.0-9.3.0. This vulnerability was disclosed on July 15, 2025 (Oracle Advisory, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 2.7 (Low severity). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L, indicating network accessibility, low attack complexity, high privileges required, no user interaction needed, unchanged scope, and low impact on availability with no impact on confidentiality or integrity. The vulnerability has been classified under CWE-400 (Uncontrolled Resource Consumption) (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. The impact is limited to availability, with no direct effects on confidentiality or integrity of the system (NVD).

Oracle has addressed this vulnerability in their July 2025 Critical Patch Update. Users are strongly recommended to update their MySQL Server installations to the latest patched versions. The vulnerability affects MySQL Server versions 8.0.0-8.0.42, 8.4.0-8.4.5, and 9.0.0-9.3.0, and updates should be applied as soon as possible (Oracle Advisory).