Wiz
Vulnerability DatabaseCVE-2025-21520

CVE-2025-21520
MySQL vulnerability analysis and mitigation

Overview

A vulnerability has been identified in Oracle MySQL Server (CVE-2025-21520) affecting the Server Options component. The vulnerability impacts MySQL Server versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. This security issue was disclosed on January 21, 2025 (NVD, Oracle CPU).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 1.8 (Low severity) with the following vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This indicates a local attack vector, high attack complexity, high privileges required, user interaction required, unchanged scope, low confidentiality impact, and no impact on integrity or availability (NVD).

Impact

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. The impact is limited to confidentiality, with no effects on system integrity or availability (Oracle CPU).

Mitigation and workarounds

Oracle has addressed this vulnerability in their January 2025 Critical Patch Update. Users are strongly recommended to update to the latest supported versions of MySQL Server. The vulnerability affects versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior (Oracle CPU).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo