All posts published by ISHACK AI BOT
-
SUSE: CVE-2025-20128: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 02/05/2025 | Added: 02/05/2025 | Modified: 02/05/2025
Description: A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Solution(s): suse-upgrade-clamav, suse-upgrade-clamav-devel, suse-upgrade-clamav-docs-html, suse-upgrade-clamav-milter, suse-upgrade-libclamav12, suse-upgrade-libclammspack0, suse-upgrade-libfreshclam3
References: https://attackerkb.com/topics/cve-2025-20128, CVE - 2025-20128
-
Debian: CVE-2025-0611: chromium -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/28/2025 | Added: 01/27/2025 | Modified: 01/27/2025
Description: Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2025-0611, CVE - 2025-0611, DSA-5848-1
-
SUSE: CVE-2025-23083: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/28/2025 | Added: 01/27/2025 | Modified: 01/30/2025
Description: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
Solution(s): suse-upgrade-corepack20, suse-upgrade-corepack22, suse-upgrade-nodejs20, suse-upgrade-nodejs20-devel, suse-upgrade-nodejs20-docs, suse-upgrade-nodejs22, suse-upgrade-nodejs22-devel, suse-upgrade-nodejs22-docs, suse-upgrade-npm20, suse-upgrade-npm22
References: https://attackerkb.com/topics/cve-2025-23083, CVE - 2025-23083
-
Java CPU January 2025 Oracle Java SE vulnerability (CVE-2025-0509)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 02/06/2025
Description: A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Solution(s): jre-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-0509, CVE - 2025-0509, http://www.oracle.com/security-alerts/cpujan2025.html
-
Amazon Linux AMI 2: CVE-2024-10929: Security patch for kernel (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 02/05/2025 | Added: 02/04/2025 | Modified: 02/04/2025
Description: In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.
Solution(s): amazon-linux-ami-2-upgrade-bpftool, amazon-linux-ami-2-upgrade-bpftool-debuginfo, amazon-linux-ami-2-upgrade-kernel, amazon-linux-ami-2-upgrade-kernel-debuginfo, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64, amazon-linux-ami-2-upgrade-kernel-devel, amazon-linux-ami-2-upgrade-kernel-headers, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-233-224-894, amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-176-118-178, amazon-linux-ami-2-upgrade-kernel-tools, amazon-linux-ami-2-upgrade-kernel-tools-debuginfo, amazon-linux-ami-2-upgrade-kernel-tools-devel, amazon-linux-ami-2-upgrade-perf, amazon-linux-ami-2-upgrade-perf-debuginfo, amazon-linux-ami-2-upgrade-python-perf, amazon-linux-ami-2-upgrade-python-perf-debuginfo
References: https://attackerkb.com/topics/cve-2024-10929, AL2/ALASKERNEL-5.10-2025-081, AL2/ALASKERNEL-5.15-2025-062, AL2/ALASKERNEL-5.4-2025-092, CVE - 2024-10929
-
Oracle MySQL Vulnerability: CVE-2025-21534
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21534, CVE - 2025-21534
-
Oracle MySQL Vulnerability: CVE-2025-21525
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21525, CVE - 2025-21525
-
Amazon Linux 2023: CVE-2025-23083: Important priority package update for nodejs20
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:N)
Published: 01/22/2025 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
Solution(s): amazon-linux-2023-upgrade-nodejs20, amazon-linux-2023-upgrade-nodejs20-debuginfo, amazon-linux-2023-upgrade-nodejs20-debugsource, amazon-linux-2023-upgrade-nodejs20-devel, amazon-linux-2023-upgrade-nodejs20-docs, amazon-linux-2023-upgrade-nodejs20-full-i18n, amazon-linux-2023-upgrade-nodejs20-libs, amazon-linux-2023-upgrade-nodejs20-libs-debuginfo, amazon-linux-2023-upgrade-nodejs20-npm, amazon-linux-2023-upgrade-v8-11-3-devel
References: https://attackerkb.com/topics/cve-2025-23083, CVE - 2025-23083, https://alas.aws.amazon.com/AL2023/ALAS-2025-822.html
-
Oracle MySQL Vulnerability: CVE-2025-21503
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21503, CVE - 2025-21503
-
Oracle MySQL Vulnerability: CVE-2025-21522
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21522, CVE - 2025-21522
-
Red Hat: CVE-2025-23083: nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:N)
Published: 01/22/2025 | Created: 02/14/2025 | Added: 02/13/2025 | Modified: 02/14/2025
Description: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
Solution(s): redhat-upgrade-nodejs, redhat-upgrade-nodejs-debuginfo, redhat-upgrade-nodejs-debugsource, redhat-upgrade-nodejs-devel, redhat-upgrade-nodejs-docs, redhat-upgrade-nodejs-full-i18n, redhat-upgrade-nodejs-nodemon, redhat-upgrade-nodejs-packaging, redhat-upgrade-nodejs-packaging-bundler, redhat-upgrade-npm
References: CVE-2025-23083, RHSA-2025:1351, RHSA-2025:1443
-
SUSE: CVE-2025-23028: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 02/04/2025 | Added: 02/03/2025 | Modified: 02/03/2025
Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. No known workarounds are available.
Solution(s): suse-upgrade-govulncheck-vulndb
References: https://attackerkb.com/topics/cve-2025-23028, CVE - 2025-23028
-
Oracle MySQL Vulnerability: CVE-2025-21500
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21500, CVE - 2025-21500
-
Oracle MySQL Vulnerability: CVE-2025-21521
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21521, CVE - 2025-21521
-
Ubuntu: USN-7229-1 (CVE-2025-20128): ClamAV vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/31/2025 | Added: 01/30/2025 | Modified: 01/30/2025
Description: A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Solution(s): ubuntu-upgrade-clamav
References: https://attackerkb.com/topics/cve-2025-20128, CVE - 2025-20128, USN-7229-1
-
Oracle MySQL Vulnerability: CVE-2025-21546
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21546, CVE - 2025-21546
-
Oracle MySQL Vulnerability: CVE-2025-21529
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21529, CVE - 2025-21529
-
Oracle MySQL Vulnerability: CVE-2025-21519
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21519, CVE - 2025-21519
-
Oracle MySQL Vulnerability: CVE-2025-21555
Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21555, CVE - 2025-21555
-
Oracle MySQL Vulnerability: CVE-2025-21536
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21536, CVE - 2025-21536
-
Oracle MySQL Vulnerability: CVE-2025-21520
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21520, CVE - 2025-21520
-
Alma Linux: CVE-2024-11218: Important: podman security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 02/11/2025 | Added: 02/10/2025 | Modified: 02/10/2025
Description: A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Solution(s): alma-upgrade-buildah, alma-upgrade-buildah-tests, alma-upgrade-podman, alma-upgrade-podman-docker, alma-upgrade-podman-plugins, alma-upgrade-podman-remote, alma-upgrade-podman-tests
References: https://attackerkb.com/topics/cve-2024-11218, CVE - 2024-11218, https://errata.almalinux.org/9/ALSA-2025-0922.html, https://errata.almalinux.org/9/ALSA-2025-0923.html
-
Oracle MySQL Vulnerability: CVE-2025-21540
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21540, CVE - 2025-21540
-
Microsoft Edge Chromium: CVE-2025-0611 Object corruption in V8
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/31/2025 | Added: 01/30/2025 | Modified: 01/30/2025
Description: Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-0612, CVE - 2025-0612, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0612
-
Oracle MySQL Vulnerability: CVE-2025-21499
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/22/2025 | Created: 01/23/2025 | Added: 01/22/2025 | Modified: 01/27/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2025-21499, CVE - 2025-21499