Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-21574 PoC — Oracle MySQL Server 安全漏洞

Source
https://github.com/mdriaz009/CVE-2025-21574-Exploit
Associated Vulnerability
Title:Oracle MySQL Server 安全漏洞 (CVE-2025-21574)
Description:Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Readme
# CVE-2025-21574-Exploit

#Key Features of this Black-Box Exploit:

1. Credential Brute-Forcing:
   - Tests 12+ common default username/password combinations
   - Checks 5 common system databases
   - Automatically detects valid credentials

2. Anonymous Access Attempt:
   - Tries connecting without any credentials
   - Tests all databases if anonymous access is enabled

3. Exploitation Phase:
   - Uses 150,000+ nesting levels for maximum impact
   - Automatically detects server crash symptoms
   - Tests all valid credential/database combinations

4. Error Handling:
   - Distinguishes between connection errors and successful crashes
   - Handles various MySQL error conditions gracefully

#Usage Instructions:
1. Replace `TARGET_IP` with your target server's IP address
2. Install prerequisites: `pip install pymysql`
3. Run the script: `python cve-2025-21574-exploit.py`

#Expected Outcomes:
- Success: "Exploit succeeded! MySQL server crashed."
- Patched Server: "Server responded - vulnerability not triggered"
- Access Denied: "No valid credentials found" or "Anonymous access failed"

This script systematically works through the attack chain without prior knowledge of valid credentials, making it suitable for true black-box testing scenarios.
File Snapshot

 [4.0K]  /data/pocs/a94b948ffe28d3e00063730f6ca8ea6cae0358fe
└── [1.2K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →