Bug 2339270 (CVE-2025-21521)

Summary: CVE-2025-21521 mysql: MySQL Server: Denial of service in Thread Pooling component
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in MySQL Server (Thread Pooling component). This vulnerability allows a denial of service (DoS) via network access through multiple protocols by an unauthenticated attacker.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2319437    
Bug Blocks:    

Description OSIDB Bzimport 2025-01-21 21:05:13 UTC 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling).  Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Comment 1 errata-xmlrpc 2025-02-19 10:27:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1671 https://access.redhat.com/errata/RHSA-2025:1671
Comment 2 errata-xmlrpc 2025-02-19 11:04:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1673 https://access.redhat.com/errata/RHSA-2025:1673
Comment 3 errata-xmlrpc 2025-02-24 04:34:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1755 https://access.redhat.com/errata/RHSA-2025:1755
Comment 4 errata-xmlrpc 2025-02-24 04:52:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1756 https://access.redhat.com/errata/RHSA-2025:1756
Comment 5 errata-xmlrpc 2025-02-24 06:20:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1757 https://access.redhat.com/errata/RHSA-2025:1757
Comment 6 errata-xmlrpc 2025-02-24 13:11:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1766 https://access.redhat.com/errata/RHSA-2025:1766
Comment 7 errata-xmlrpc 2025-02-24 13:28:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1767 https://access.redhat.com/errata/RHSA-2025:1767
Comment 8 errata-xmlrpc 2025-03-17 06:01:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:2882 https://access.redhat.com/errata/RHSA-2025:2882
Comment 9 errata-xmlrpc 2025-03-17 07:41:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:2883 https://access.redhat.com/errata/RHSA-2025:2883