openEuler update for mysql
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 20 |
| CVE-ID | CVE-2025-21490 CVE-2025-21491 CVE-2025-21495 CVE-2025-21497 CVE-2025-21500 CVE-2025-21501 CVE-2025-21503 CVE-2025-21505 CVE-2025-21518 CVE-2025-21519 CVE-2025-21520 CVE-2025-21522 CVE-2025-21523 CVE-2025-21529 CVE-2025-21531 CVE-2025-21540 CVE-2025-21543 CVE-2025-21546 CVE-2025-21555 CVE-2025-21559 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system mysql-test Operating systems & Components / Operating system package or component mysql-server Operating systems & Components / Operating system package or component mysql-libs Operating systems & Components / Operating system package or component mysql-help Operating systems & Components / Operating system package or component mysql-errmsg Operating systems & Components / Operating system package or component mysql-devel Operating systems & Components / Operating system package or component mysql-debugsource Operating systems & Components / Operating system package or component mysql-debuginfo Operating systems & Components / Operating system package or component mysql-config Operating systems & Components / Operating system package or component mysql-common Operating systems & Components / Operating system package or component mysql Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU103188
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21490
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU103189
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21491
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU103200
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Firewall component in MySQL Enterprise Firewall. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU103182
Risk: Medium
CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21497
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU103177
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21500
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU103178
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21501
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU103190
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21503
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU103192
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21505
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU103176
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21518
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU103202
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21519
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU103206
Risk: Low
CVSSv4.0: 0.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21520
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU103180
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21522
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU103191
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21523
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU103195
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21529
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU103186
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21531
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU103185
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21540
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU103187
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21543
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Packaging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU103205
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21546
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU103183
Risk: Medium
CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21555
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU103184
Risk: Medium
CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-21559
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
mysql-test: before 8.0.41-1
mysql-server: before 8.0.41-1
mysql-libs: before 8.0.41-1
mysql-help: before 8.0.41-1
mysql-errmsg: before 8.0.41-1
mysql-devel: before 8.0.41-1
mysql-debugsource: before 8.0.41-1
mysql-debuginfo: before 8.0.41-1
mysql-config: before 8.0.41-1
mysql-common: before 8.0.41-1
mysql: before 8.0.41-1
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:mysql-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-server:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-libs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-errmsg:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-config:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:mysql:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1103
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
