How CVE-2025-21522 Works
This vulnerability exists in the parser component of MySQL Server (versions 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior). An attacker with low privileges and network access can send queries that trigger the parser flaw, causing MySQL Server to hang or crash repeatedly. The issue stems from improper handling of specific SQL queries, leading to uncontrolled resource consumption. The CVSS 3.1 score of 6.5 reflects a high impact on availability (A:H): the result is denial-of-service (DoS), with no confidentiality or integrity impact.
DailyCVE Form
Platform: MySQL
Version: <= 8.0.40, <= 8.4.3, <= 9.1.0
Vulnerability: Parser DoS
Severity: Medium
Date: 04/08/2025
What Undercode Say:
Analytics:
- Affects default MySQL configurations
- Exploitable via crafted SQL payloads
- No confidentiality/data compromise
Exploit Commands:
-- Crash payload example (simplified)
SELECT 1 FROM (SELECT FROM (SELECT 1 AS x) AS y WHERE y.x = (SELECT FROM (SELECT 1) AS z WHERE z.a = 1)) AS w;
Detection:
# Check the server version (mysql --version reports the client binary, so query the server or use mysqld --version).
# Note that [0-40] in a grep character class matches only the digits 0-4, not 0 through 40; the pattern below spells the range out.
mysqld --version | grep -E "8\.0\.([0-9]|[1-3][0-9]|40)([^0-9]|$)|8\.4\.[0-3]([^0-9]|$)|9\.1\.0([^0-9]|$)"
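Because a regex is easy to get wrong here, the following added example (not part of the original advisory) parses the version number out of `mysqld --version` or `SELECT VERSION()` output and applies the affected ranges stated above as a numeric comparison; the sample version strings are constructed.

```python
import re

# Last vulnerable release on each patched branch, as stated in the advisory
# (fixed in 8.0.41+, 8.4.4+, 9.1.1+).
LAST_AFFECTED = {(8, 0): (8, 0, 40), (8, 4): (8, 4, 3)}
LAST_AFFECTED_OVERALL = (9, 1, 0)

# First "x.y.z" number in the text; distribution suffixes such as
# "-0ubuntu0.22.04.1" or "-log" are ignored.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from mysqld --version / SELECT VERSION() output."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """True if the version is in the advisory's affected range, False if not,
    None if the advisory does not cover it (releases older than 8.0)."""
    if version < (8, 0, 0):
        return None
    branch = version[:2]
    if branch in LAST_AFFECTED:
        return version <= LAST_AFFECTED[branch]
    # Anything else (8.1-8.3, 9.0.x, 9.1.0) falls under "9.1.0 and prior".
    return version <= LAST_AFFECTED_OVERALL


def assess(text):
    """Return 'affected', 'not affected', 'not covered' or 'unknown' for a version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return {True: "affected", False: "not affected", None: "not covered"}[is_affected(version)]


if __name__ == "__main__":
    # Constructed sample strings in the shapes mysqld --version and SELECT VERSION() produce.
    samples = [
        "mysqld  Ver 8.0.39-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))",
        "mysqld  Ver 8.0.41 for Linux on x86_64 (MySQL Community Server - GPL)",
        "8.4.3-commercial",
        "9.1.0",
        "9.2.0",
        "5.7.44-log",
    ]
    for s in samples:
        print(f"{assess(s):<13} {s}")
```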
Protection:
1. Patch: Upgrade to MySQL 8.0.41+, 8.4.4+, or 9.1.1+
2. Mitigation:
-- Restrict user privileges (the wildcard below applies globally)
REVOKE ALL PRIVILEGES ON *.* FROM 'lowpriv_user'@'%';
3. Network Controls:
# Crude network-layer filter, not a WAF: drop MySQL packets matching a pattern ("malicious_pattern" is a placeholder; -m string requires --algo)
iptables -A INPUT -p tcp --dport 3306 -m string --algo bm --string "malicious_pattern" -j DROP
4. Log Monitoring:
# Monitor the error log for crashes (grep needs -E for the | alternation)
tail -f /var/log/mysql/error.log | grep -iE "crash|parser"
References:
- Oracle Critical Patch Update: January 2025
- CVE-2025-21522 NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-21522