Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for mysql-8.0. CVE-2025-21555[0]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server as well as unauthorized update, insert or | delete access to some of MySQL Server accessible data. CVSS 3.1 Base | Score 5.5 (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2025-21559[1]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server as well as unauthorized update, insert or | delete access to some of MySQL Server accessible data. CVSS 3.1 Base | Score 5.5 (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2025-21540[2]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Security: Privileges). Supported versions that | are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and | prior. Easily exploitable vulnerability allows low privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result | in unauthorized update, insert or delete access to some of MySQL | Server accessible data as well as unauthorized read access to a | subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 | (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). CVE-2025-21543[3]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Packaging). Supported versions that are | affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. | Easily exploitable vulnerability allows high privileged attacker | with network access via multiple protocols to compromise MySQL | Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21546[4]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Security: Privileges). Supported versions that | are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result | in unauthorized update, insert or delete access to some of MySQL | Server accessible data as well as unauthorized read access to a | subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 | (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). CVE-2025-21490[5]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21491[6]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21497[7]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server as well as unauthorized update, insert or | delete access to some of MySQL Server accessible data. CVSS 3.1 Base | Score 5.5 (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVE-2025-21500[8]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. | Easily exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21501[9]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. | Easily exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21503[10]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21505[11]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Components Services). Supported versions that | are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result | in unauthorized ability to cause a hang or frequently repeatable | crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21518[12]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Optimizer). Supported versions that are | affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. | Easily exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21519[13]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Security: Privileges). Supported versions that | are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and | prior. Difficult to exploit vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result | in unauthorized ability to cause a hang or frequently repeatable | crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21520[14]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Options). Supported versions that are affected | are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. | Difficult to exploit vulnerability allows high privileged attacker | with logon to the infrastructure where MySQL Server executes to | compromise MySQL Server. Successful attacks require human | interaction from a person other than the attacker. Successful | attacks of this vulnerability can result in unauthorized read | access to a subset of MySQL Server accessible data. CVSS 3.1 Base | Score 1.8 (Confidentiality impacts). CVSS Vector: | (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). CVE-2025-21522[15]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Parser). Supported versions that are affected | are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows low privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21523[16]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21529[17]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: Server: Information Schema). Supported versions that | are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result | in unauthorized ability to cause a hang or frequently repeatable | crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 | (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2025-21531[18]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily | exploitable vulnerability allows high privileged attacker with | network access via multiple protocols to compromise MySQL Server. | Successful attacks of this vulnerability can result in unauthorized | ability to cause a hang or frequently repeatable crash (complete | DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-21555 https://www.cve.org/CVERecord?id=CVE-2025-21555 [1] https://security-tracker.debian.org/tracker/CVE-2025-21559 https://www.cve.org/CVERecord?id=CVE-2025-21559 [2] https://security-tracker.debian.org/tracker/CVE-2025-21540 https://www.cve.org/CVERecord?id=CVE-2025-21540 [3] https://security-tracker.debian.org/tracker/CVE-2025-21543 https://www.cve.org/CVERecord?id=CVE-2025-21543 [4] https://security-tracker.debian.org/tracker/CVE-2025-21546 https://www.cve.org/CVERecord?id=CVE-2025-21546 [5] https://security-tracker.debian.org/tracker/CVE-2025-21490 https://www.cve.org/CVERecord?id=CVE-2025-21490 [6] https://security-tracker.debian.org/tracker/CVE-2025-21491 https://www.cve.org/CVERecord?id=CVE-2025-21491 [7] https://security-tracker.debian.org/tracker/CVE-2025-21497 https://www.cve.org/CVERecord?id=CVE-2025-21497 [8] https://security-tracker.debian.org/tracker/CVE-2025-21500 https://www.cve.org/CVERecord?id=CVE-2025-21500 [9] https://security-tracker.debian.org/tracker/CVE-2025-21501 https://www.cve.org/CVERecord?id=CVE-2025-21501 [10] https://security-tracker.debian.org/tracker/CVE-2025-21503 https://www.cve.org/CVERecord?id=CVE-2025-21503 [11] https://security-tracker.debian.org/tracker/CVE-2025-21505 https://www.cve.org/CVERecord?id=CVE-2025-21505 [12] https://security-tracker.debian.org/tracker/CVE-2025-21518 https://www.cve.org/CVERecord?id=CVE-2025-21518 [13] https://security-tracker.debian.org/tracker/CVE-2025-21519 https://www.cve.org/CVERecord?id=CVE-2025-21519 [14] https://security-tracker.debian.org/tracker/CVE-2025-21520 https://www.cve.org/CVERecord?id=CVE-2025-21520 [15] https://security-tracker.debian.org/tracker/CVE-2025-21522 https://www.cve.org/CVERecord?id=CVE-2025-21522 [16] https://security-tracker.debian.org/tracker/CVE-2025-21523 https://www.cve.org/CVERecord?id=CVE-2025-21523 [17] https://security-tracker.debian.org/tracker/CVE-2025-21529 https://www.cve.org/CVERecord?id=CVE-2025-21529 [18] https://security-tracker.debian.org/tracker/CVE-2025-21531 https://www.cve.org/CVERecord?id=CVE-2025-21531 Please adjust the affected versions in the BTS as needed.
