The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-21555

CVE-2025-21555: Oracle MySQL Server DOS Vulnerability

CVE-2025-21555 is a denial of service flaw in Oracle MySQL Server's InnoDB component that enables attackers to crash the database or manipulate data. This article covers technical details, affected versions, and mitigations.

Updated: January 22, 2026

CVE-2025-21555 Overview

CVE-2025-21555 is an authorization bypass vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the InnoDB storage engine component. This vulnerability allows a high-privileged attacker with network access to compromise MySQL Server through multiple protocols. Successful exploitation can result in denial of service conditions through system hangs or repeatable crashes, as well as unauthorized modification of MySQL Server accessible data.

Critical Impact

This vulnerability enables complete denial of service through server crashes and unauthorized data modification capabilities, potentially disrupting database availability and data integrity for affected MySQL deployments.

Affected Products

  • Oracle MySQL Server version 8.0.40 and prior
  • Oracle MySQL Server version 8.4.3 and prior
  • Oracle MySQL Server version 9.1.0 and prior

Discovery Timeline

  • 2025-01-21 - CVE-2025-21555 published to NVD
  • 2025-11-03 - Last updated in NVD database

Technical Details for CVE-2025-21555

Vulnerability Analysis

This vulnerability resides in the InnoDB storage engine, which is the default transactional storage engine for MySQL. The flaw is classified under CWE-863 (Incorrect Authorization), indicating that the vulnerability stems from improper authorization checks within the InnoDB component.

The vulnerability is easily exploitable, requiring network access but limited to attackers who already possess high privileges on the MySQL Server. The attack can be conducted through multiple network protocols supported by MySQL, including the standard MySQL protocol and potentially administrative interfaces.

When successfully exploited, this vulnerability impacts both system availability and data integrity. The availability impact is significant, allowing attackers to induce complete denial of service through system hangs or frequently repeatable crashes. Additionally, attackers gain unauthorized ability to update, insert, or delete some MySQL Server accessible data, though confidentiality is not affected.

Root Cause

The root cause is an incorrect authorization vulnerability (CWE-863) within the InnoDB storage engine. This type of flaw occurs when authorization checks fail to properly validate whether a user has the necessary permissions to perform certain operations. In this case, the InnoDB component does not adequately enforce authorization boundaries, allowing privileged users to perform actions that should be restricted or that cause unintended system behavior.

Attack Vector

The attack vector is network-based, requiring the attacker to have high-level privileges on the MySQL Server. The exploitation path involves:

  1. An authenticated attacker with administrative or high-privilege database access connects to the MySQL Server via network protocols
  2. The attacker sends specially crafted requests targeting the InnoDB storage engine
  3. Due to improper authorization checks, these requests bypass intended restrictions
  4. The exploitation results in either a complete denial of service (server hang or crash) or unauthorized data modification

The vulnerability does not require user interaction and operates within the context of the vulnerable MySQL Server without changing scope to affect other components.

Detection Methods for CVE-2025-21555

Indicators of Compromise

  • Unexpected MySQL Server crashes or hangs, particularly those coinciding with administrative user activity
  • Anomalous database modifications or unauthorized INSERT, UPDATE, or DELETE operations in MySQL logs
  • Repeated server restarts or service interruptions without apparent cause
  • Unusual network connections from privileged accounts to the MySQL Server

Detection Strategies

  • Monitor MySQL error logs for crash dumps and InnoDB-specific error messages indicating abnormal termination
  • Implement database activity monitoring to track privileged user operations and identify anomalous query patterns
  • Configure audit logging for all administrative actions on MySQL Server instances
  • Deploy network monitoring to detect unusual patterns in MySQL protocol traffic from privileged accounts

Monitoring Recommendations

  • Enable MySQL general query log and slow query log for forensic analysis capabilities
  • Configure alerting for MySQL Server process crashes or unexpected restarts
  • Implement real-time monitoring of InnoDB status variables for signs of corruption or instability
  • Review privileged user access patterns and establish baselines for normal administrative activity

How to Mitigate CVE-2025-21555

Immediate Actions Required

  • Apply the Oracle Critical Patch Update (CPU) January 2025 to all affected MySQL Server installations immediately
  • Review and restrict high-privilege account access to only essential personnel
  • Implement network segmentation to limit MySQL Server exposure to untrusted networks
  • Enable comprehensive audit logging to detect potential exploitation attempts

Patch Information

Oracle has addressed this vulnerability in the Oracle Critical Patch Update January 2025. Organizations should upgrade to patched versions of MySQL Server:

  • MySQL Server versions after 8.0.40
  • MySQL Server versions after 8.4.3
  • MySQL Server versions after 9.1.0

Additional security guidance is available in the NetApp Security Advisory NTAP-20250131-0004 for NetApp products that incorporate MySQL.

Workarounds

  • Restrict network access to MySQL Server to only trusted IP addresses and networks using firewall rules
  • Implement the principle of least privilege by reviewing and reducing high-privilege account permissions
  • Consider placing MySQL Server behind a VPN or bastion host to limit exposure
  • Enable MySQL connection limits and resource restrictions to mitigate potential DoS impact
bash
# Configuration example - Restrict MySQL network access and enable logging
# In my.cnf or mysqld.cnf

[mysqld]
# Bind MySQL to specific interface
bind-address = 127.0.0.1

# Enable general query log for monitoring
general_log = 1
general_log_file = /var/log/mysql/general.log

# Enable audit logging (MySQL Enterprise)
# audit_log_file = /var/log/mysql/audit.log

# Limit connections per user
max_user_connections = 50

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechOracle Mysql Server
  • SeverityMEDIUM
  • CVSS Score5.5
  • EPSS Probability0.20%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-863
  • Technical References
  • NetApp Security Advisory NTAP-20250131-0004
  • Vendor Resources
  • Oracle Critical Patch Update January 2025
  • Related CVEs
  • CVE-2025-21559: Oracle MySQL Server DoS Vulnerability
  • CVE-2025-21534: Oracle MySQL Server DoS Vulnerability
  • CVE-2025-21505: Oracle MySQL Server DoS Vulnerability
  • CVE-2025-21490: Oracle MySQL Server DoS Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English