MySQL, Denial of Service (DoS), CVE-2025-21534 (Medium)

How CVE-2025-21534 Works

This vulnerability exists in MySQL Server’s Performance Schema component. Attackers with high privileges (such as database administrators) can exploit it remotely via multiple protocols. The flaw occurs due to improper handling of internal Performance Schema operations, leading to resource exhaustion. When maliciously crafted queries are executed, they trigger an infinite loop or excessive memory consumption, causing the MySQL service to hang or crash repeatedly. The impact is limited to availability (DoS) without compromising data confidentiality or integrity. Oracle’s CVSS 3.1 scoring rates it 4.9 (Medium) due to the requirement of high privileges for exploitation.

DailyCVE Form

Platform: MySQL Server
Version: 8.0.39, 8.4.2, 9.0.1
Vulnerability: DoS via Performance Schema
Severity: Medium
Date: 04/08/2025

What Undercode Say:

Exploitation Analysis

1. Exploit Trigger: Crafted `PERFORMANCE_SCHEMA` queries from high-privileged accounts.

2. Payload Example:

SELECT * FROM performance_schema.events_waits_history_long WHERE 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20;

3. Debugging: Monitor MySQL logs for repeated crashes:

tail -f /var/log/mysql/error.log | grep -i "performance_schema"

Protection Measures

1. Patch: Upgrade to MySQL 8.0.40+, 8.4.3+, or 9.0.2+.

2. Workaround: Restrict `SUPER` privileges:

REVOKE SUPER ON *.* FROM 'admin'@'%';

3. Detection: Use IDS rules to alert on suspicious Performance Schema queries (the rule matches cleartext traffic only, so it will not see TLS-encrypted connections):

alert tcp any any -> any 3306 (msg:"CVE-2025-21534 Exploit Attempt"; content:"performance_schema.events_waits_history_long"; nocase; sid:10001234; rev:1;)

Forensic Commands

1. Crash Analysis:

gdb /usr/sbin/mysqld /var/lib/mysql/core.dump -ex 'bt full' -ex 'quit'

2. Memory Profiling:

valgrind --tool=memcheck --leak-check=full mysqld --console

Mitigation Script

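import pymysql

def check_mysql_version(host, user, passwd):
    # Connect and read the server's reported version string.
    conn = pymysql.connect(host=host, user=user, password=passwd)
    try:
        with conn.cursor() as cursor:
            cursor.execute("SHOW VARIABLES LIKE 'version'")
            # Row is (Variable_name, Value); the version is the second column.
            version = cursor.fetchone()[1]
        # Affected releases listed on this page.
        if version in ["8.0.39", "8.4.2", "9.0.1"]:
            print(f"[!] Vulnerable MySQL {version} detected!")
    finally:
        conn.close()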
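
The script above matches three exact version strings, so a server reporting a build suffix (for example `8.0.39-log`) or an older release on the same branch is not flagged. The following added example, which is not part of the original page, compares a reported version against the patched release for its branch from the Patch line; treating anything below that release as unpatched is an assumption, and the host names and version strings in the sample inventory are constructed.

```python
import re

# Patched release per branch, taken from the "Patch" line on this page:
# 8.0.40+, 8.4.3+, 9.0.2+. Key is (major, minor), value is the fixed patch level.
FIXED = {(8, 0): 40, (8, 4): 3, (9, 0): 2}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(raw):
    """Return (major, minor, patch) from a server version string, or None.

    Build suffixes such as '-log' or '-0ubuntu0.22.04.1' are ignored.
    """
    m = _VERSION_RE.match(raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def patch_status(raw):
    """Classify a version string as 'unpatched', 'patched' or 'unknown'."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"  # string did not look like x.y.z
    major, minor, patch = parsed
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # branch not covered by this page
    # Assumption: anything below the patched release on the branch is unpatched.
    return "patched" if patch >= fixed_patch else "unpatched"


def audit(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: patch_status(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "db-a": "8.0.39",
    "db-b": "8.0.36-0ubuntu0.22.04.1",
    "db-c": "8.0.40-log",
    "db-d": "8.4.3",
    "db-e": "9.0.1",
    "db-f": "5.7.44",
    "db-g": "not-a-version",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are on a branch the page does not list or returned a string that is not a MySQL version, and need a manual check.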

Network Countermeasures

iptables -A INPUT -p tcp --dport 3306 -m string --string "performance_schema" --algo bm -j DROP

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-21534