Missing Authorization

CVE-2025-50068

Severity Medium
Score 6.7/10

Summary

A vulnerability has been reported in the 'MySQL Cluster General' component of MySQL Server, a product of Oracle MySQL. Supported versions affected are 8.0.0 through 8.0.42, 8.4.0 through 8.4.5 and 9.0.0 through 9.3.0. The vulnerability is easily exploitable and allows a high-privileged attacker with login access to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks can result in takeover of MySQL Cluster.

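  • Attack Complexity: LOW
  • Attack Vector: LOCAL
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH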

CWE-862 - Missing Authorization

A missing authorization vulnerability occurs when a software program allows users to access privileged parts of the program without verifying that the user is authorized to do so. The impact of such a vulnerability depends on the resources the software controls, ranging from account takeover to sensitive information exposure, denial of service, and complete system takeover.

Advisory Timeline

  • Published