How CVE-2025-21567 Works
This vulnerability exists in MySQL Server’s privilege handling component (versions ≤9.1.0). Attackers with low privileges can exploit incorrect access control checks via network protocols (TCP/IP, named pipes). The flaw occurs when validating user roles during metadata queries, allowing unauthorized SELECT operations on certain system tables. MySQL fails to properly enforce the REQUIRED_PRIVILEGES flag when processing INFORMATION_SCHEMA requests, leaking data like user permissions or schema details. The attack requires valid credentials but no admin rights.
DailyCVE Form
Platform: MySQL
Version: ≤9.1.0
Vulnerability: Privilege Escalation
Severity: Medium
Date: 04/08/2025
What Undercode Say:
Exploitation:
-- Proof-of-Concept:
CREATE USER 'attacker'@'%' IDENTIFIED BY 'weakpass';
GRANT SELECT ON *.* TO 'attacker'@'%';
-- EXPLOIT:
SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='mysql'; -- Bypasses privilege checks for 'user' table metadata
Detection:
Check MySQL version (affected: 9.1.0 or earlier):
    mysql --version
Audit logs for suspicious metadata queries:
    grep -i "INFORMATION_SCHEMA" /var/log/mysql/mysql.log
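The two detection checks above, as an added Python example (not code from Undercode or Oracle): it compares a version string against the ≤9.1.0 range stated on this page and attributes INFORMATION_SCHEMA queries in a general query log to the connecting account. The log lines are constructed samples, and the function names and the `trusted` account list are assumptions made for the example.

```python
import re

AFFECTED_MAX = (9, 1, 0)  # this page states versions <= 9.1.0 are affected

def is_affected(version_text):
    """True if the first X.Y.Z in version_text (e.g. SELECT VERSION() output) is <= AFFECTED_MAX."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no X.Y.Z version found in %r" % version_text)
    return tuple(int(p) for p in m.groups()) <= AFFECTED_MAX

# General query log line: "<timestamp>\t<thread id> <command>\t<argument>"
LOG_LINE = re.compile(r"^(\S+)\s+(\d+)\s+(Connect|Query)\t(.*)$")
META = re.compile(r"\binformation_schema\b", re.IGNORECASE)
MYSQL_SCHEMA = re.compile(r"table_schema\s*=\s*['\"]mysql['\"]", re.IGNORECASE)

def metadata_queries(lines, trusted=()):
    """Return (timestamp, account, query, targets_mysql_schema) for each
    INFORMATION_SCHEMA query issued by an account whose user is not in `trusted`."""
    account_by_thread = {}
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.rstrip("\n"))
        if not m:
            continue
        ts, thread, command, arg = m.groups()
        if command == "Connect":
            account_by_thread[thread] = arg.split(" on ")[0]  # "user@host on db using ..."
        elif META.search(arg):
            account = account_by_thread.get(thread, "unknown")
            if account.split("@")[0] not in trusted:
                hits.append((ts, account, arg, bool(MYSQL_SCHEMA.search(arg))))
    return hits

# Constructed sample input, not captured from a real server.
SAMPLE_LOG = [
    "2025-04-08T10:15:02.000000Z\t   12 Connect\tattacker@10.0.0.5 on  using TCP/IP",
    "2025-04-08T10:15:03.000000Z\t   12 Query\tSELECT * FROM information_schema.TABLES WHERE TABLE_SCHEMA='mysql'",
    "2025-04-08T10:15:04.000000Z\t   13 Connect\tbackup@localhost on  using Socket",
    "2025-04-08T10:15:05.000000Z\t   13 Query\tSELECT COUNT(*) FROM INFORMATION_SCHEMA.SCHEMATA",
    "2025-04-08T10:15:06.000000Z\t   12 Query\tSELECT 1",
]

if __name__ == "__main__":
    print(is_affected("mysql  Ver 9.1.0 for Linux on x86_64 (MySQL Community Server - GPL)"))
    for hit in metadata_queries(SAMPLE_LOG, trusted={"backup"}):
        print(hit)
```

Unlike a plain grep, this matches lowercase queries and ties each hit to the account recorded on the thread's Connect line, so low-privilege accounts reading metadata for the mysql schema stand out.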
Protection:
1. Apply Oracle patch 9.1.0.1+
2. Restrict network access:
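my.cnf mitigation:
[mysqld]
skip-networking=1   # disables TCP/IP listeners; only local clients can connect
# required_privileges=STRICT   # not a documented MySQL server option; mysqld refuses to start on an unknown variable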
3. Revoke unnecessary SELECT privileges:
REVOKE SELECT ON INFORMATION_SCHEMA.* FROM 'public'@'%';
Analytics:
- Attack Vector: Network (AV:N)
- Exploitability: Low Privilege (PR:L)
- Impact: Confidentiality (C:L)
- CVSS 4.0 Temp Score: 5.1 (Medium)
- Observed in wild: No
References:
- Oracle Advisory: CPUJan2025
- Mitre: CWE-285 (Improper Authorization)
- Patch Link: Oracle MySQL Downloads
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-21567