Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
Product(s):
- Oracle MySQL
- Oracle MySQL 8.0.0
- Oracle MySQL 8.0.10
- Oracle MySQL 8.0.11
- Oracle MySQL 8.0.12
- Oracle MySQL 8.0.13
- Oracle MySQL 8.0.14
- Oracle MySQL 8.0.15
- Oracle MySQL 8.0.16
- Oracle MySQL 8.0.17
- Oracle MySQL 8.0.18
- Oracle MySQL 8.0.19
- Oracle MySQL 8.0.1
- Oracle MySQL 8.0.20
- Oracle MySQL 8.0.21
- Oracle MySQL 8.0.22
- Oracle MySQL 8.0.23
- Oracle MySQL 8.0.24
- Oracle MySQL 8.0.25
- Oracle MySQL 8.0.26
- Oracle MySQL 8.0.27
- Oracle MySQL 8.0.28
- Oracle MySQL 8.0.29
- Oracle MySQL 8.0.2
- Oracle MySQL 8.0.30
- Oracle MySQL 8.0.31
- Oracle MySQL 8.0.32
- Oracle MySQL 8.0.33
- Oracle MySQL 8.0.34
- Oracle MySQL 8.0.35
- Oracle MySQL 8.0.36
- Oracle MySQL 8.0.37
- Oracle MySQL 8.0.39
- Oracle MySQL 8.0.3
- Oracle MySQL 8.0.4
- Oracle MySQL 8.0.5
- Oracle MySQL 8.4.0
- Oracle MySQL 8.4.2
- Oracle MySQL 9.0.0
- Oracle MySQL 9.0.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2025-50100, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-50100 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.