[debian-mysql] Bug#1118543: mysql-8.0: CVE-2025-53040 CVE-2025-53042 CVE-2025-53044 CVE-2025-53045 CVE-2025-53053 CVE-2025-53054 CVE-2025-53062 CVE-2025-53069

Moritz Mühlenhoff jmm at inutil.org
Tue Oct 21 23:20:40 BST 2025


Source: mysql-8.0
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mysql-8.0.

CVE-2025-53040[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-53042[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer).  Supported versions that are
| affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-53044[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-53045[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-53053[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DML).  Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as  unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


CVE-2025-53054[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as  unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


CVE-2025-53062[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2025-53069[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Components Services).  Supported versions that
| are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-53040
    https://www.cve.org/CVERecord?id=CVE-2025-53040
[1] https://security-tracker.debian.org/tracker/CVE-2025-53042
    https://www.cve.org/CVERecord?id=CVE-2025-53042
[2] https://security-tracker.debian.org/tracker/CVE-2025-53044
    https://www.cve.org/CVERecord?id=CVE-2025-53044
[3] https://security-tracker.debian.org/tracker/CVE-2025-53045
    https://www.cve.org/CVERecord?id=CVE-2025-53045
[4] https://security-tracker.debian.org/tracker/CVE-2025-53053
    https://www.cve.org/CVERecord?id=CVE-2025-53053
[5] https://security-tracker.debian.org/tracker/CVE-2025-53054
    https://www.cve.org/CVERecord?id=CVE-2025-53054
[6] https://security-tracker.debian.org/tracker/CVE-2025-53062
    https://www.cve.org/CVERecord?id=CVE-2025-53062
[7] https://security-tracker.debian.org/tracker/CVE-2025-53069
    https://www.cve.org/CVERecord?id=CVE-2025-53069

Please adjust the affected versions in the BTS as needed.
