CVE-2025-21574

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-21574
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21574.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21574
Downstream
Related
Published
2025-04-15T21:15:47.793Z
Modified
2026-04-10T05:22:31.382217Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

References

Affected packages

Git / github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
71c0abbae5526074ef6668366f5562905b34d8e9
Introduced
270fd3411e3d671a73ed9725940a30080f59ce6d
Last affected
14ba93991ba6a58a39d2e675b276af56f1079174
Introduced
dc86e412f18b36ce271f791026714e8caa0ec919
Last affected
500c3117e6f638043c4fea8aacf17d63a8d07de6
Introduced
527c12ed611f3fe072c3043734319edb2c733099
Last affected
6b6d3ed3d5c6591b446276184642d7d0504ecc86
Introduced
270fd3411e3d671a73ed9725940a30080f59ce6d
Last affected
14ba93991ba6a58a39d2e675b276af56f1079174
Introduced
dc86e412f18b36ce271f791026714e8caa0ec919
Last affected
500c3117e6f638043c4fea8aacf17d63a8d07de6
Introduced
527c12ed611f3fe072c3043734319edb2c733099
Last affected
6b6d3ed3d5c6591b446276184642d7d0504ecc86
Database specific 
{
    "versions": [
        {
            "introduced": "7.6.0"
        },
        {
            "last_affected": "7.6.33"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.41"
        },
        {
            "introduced": "8.4.0"
        },
        {
            "last_affected": "8.4.4"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.2.0"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.41"
        },
        {
            "introduced": "8.4.0"
        },
        {
            "last_affected": "8.4.4"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.2.0"
        }
    ]
}

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.7-22-ndb-7.6.6
mysql-8.*
mysql-8.0.40
mysql-8.0.41
mysql-8.4.1
mysql-8.4.3
mysql-8.4.4
mysql-9.*
mysql-9.0.0-release
mysql-9.2.0
mysql-cluster-7.*
mysql-cluster-7.5.2
mysql-cluster-7.6.11
mysql-cluster-7.6.15
mysql-cluster-7.6.16
mysql-cluster-7.6.19
mysql-cluster-7.6.20
mysql-cluster-7.6.24
mysql-cluster-7.6.28
mysql-cluster-7.6.30
mysql-cluster-7.6.31
mysql-cluster-7.6.33
mysql-cluster-8.*
mysql-cluster-8.0.40
mysql-cluster-8.0.41
mysql-cluster-8.4.1
mysql-cluster-8.4.3
mysql-cluster-8.4.4
mysql-cluster-9.*
mysql-cluster-9.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21574.json"