Multiple vulnerabilities in MySQL Workbench
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2025-5318 CVE-2025-49796 CVE-2025-4517 CVE-2025-6965 |
| CWE-ID | CWE-125 CWE-843 CWE-22 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
MySQL Workbench Universal components / Libraries / Software for developers |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU111900
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5318
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sftp_handle() function. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsMySQL Workbench: 8.0.0 - 8.0.43
CPE2.3- cpe:2.3:a:oracle:mysql_workbench:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpuoct2025.html?62416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Type Confusion
EUVDB-ID: #VU111223
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-49796
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the xmlSchematronFormatReport() function when processing sch:name elements in schematron.c. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and crash the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsMySQL Workbench: 8.0.0 - 8.0.43
CPE2.3- cpe:2.3:a:oracle:mysql_workbench:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpuoct2025.html?62416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU111966
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4517
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error in the tarfile module when extracting files from an archive with filter="data". A remote attacker can pass specially crafted archive to the application and write files to arbitrary locations on the system outside the extraction directory.
MitigationInstall update from vendor's website.
Vulnerable software versionsMySQL Workbench: 8.0.0 - 8.0.43
CPE2.3- cpe:2.3:a:oracle:mysql_workbench:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpuoct2025.html?62416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU113156
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-6965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsMySQL Workbench: 8.0.0 - 8.0.43
CPE2.3- cpe:2.3:a:oracle:mysql_workbench:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/security-alerts/cpuoct2025.html?62416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
