CVE-2025-53023: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication) affecting versions 8.0.0-8.0.42. This vulnerability was discovered by Weiheng Qiu of Vanderbilt University and disclosed on July 15, 2025. The vulnerability allows high privileged attackers with network access to compromise MySQL Server via multiple protocols (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based, with low attack complexity, requiring high privileges, and no user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity (Oracle CPU).

Oracle has addressed this vulnerability in their July 2025 Critical Patch Update. Users are strongly advised to upgrade to versions newer than 8.0.42. For Ubuntu systems, the vulnerability affects MySQL 8.0 packages in versions 24.04 LTS noble and 22.04 LTS jammy, which are marked as vulnerable and require updates (Ubuntu Security).