CVE-2025-21575 is a vulnerability in the Oracle MySQL Cluster product affecting multiple versions from 7.6.0 through 9.2.0. The flaw exists in the MySQL Server parser component, which processes incoming requests. An attacker with low privileges and network access via multiple supported protocols can exploit this vulnerability to cause the MySQL Server to hang or crash repeatedly, resulting in a complete denial of service (DoS). The vulnerability does not allow unauthorized data access or modification but severely impacts availability. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates that the attack can be performed remotely over the network with low attack complexity and requires only low privileges, without user interaction. The vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption), suggesting that the parser can be overwhelmed or manipulated to exhaust resources, causing service disruption. No patches are currently linked, and no known exploits have been reported in the wild, but the vulnerability is easily exploitable given the low privilege and network access requirements. This poses a risk to environments using MySQL Cluster for high availability and critical database functions, as service outages could disrupt dependent applications and services.

For European organizations, the primary impact of CVE-2025-21575 is on availability. Organizations using MySQL Cluster for critical applications, such as financial services, telecommunications, healthcare, and government services, could experience service outages or degraded performance due to induced hangs or crashes. This could lead to operational disruptions, loss of productivity, and potential financial losses. Since the vulnerability does not affect confidentiality or integrity, data breaches are not a direct concern; however, denial of service can indirectly affect business continuity and trust. Given the widespread use of MySQL in Europe, especially in sectors relying on clustered database solutions for scalability and fault tolerance, the risk is significant. Attackers with network access and low privileges—such as compromised internal users or attackers who have gained limited network foothold—could leverage this vulnerability to disrupt services. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge.

1. Monitor Oracle’s official channels for patches addressing CVE-2025-21575 and apply them promptly once released. 2. Restrict network access to MySQL Cluster nodes by implementing strict firewall rules and network segmentation to limit exposure to trusted hosts and services only. 3. Enforce the principle of least privilege for all MySQL users and services, ensuring that accounts have only the minimum necessary permissions to reduce exploitation potential. 4. Implement network intrusion detection and prevention systems (IDS/IPS) to monitor for unusual traffic patterns or repeated connection attempts that could indicate exploitation attempts. 5. Regularly audit and monitor MySQL Cluster logs for signs of hangs, crashes, or anomalous parser activity to enable early detection of exploitation attempts. 6. Consider deploying rate limiting or connection throttling on MySQL interfaces to mitigate resource exhaustion attacks. 7. Maintain up-to-date backups and disaster recovery plans to minimize downtime impact in case of successful DoS attacks. 8. Educate internal teams about the vulnerability and ensure rapid incident response capabilities are in place.