CVE-2025-8107
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-07-25
Assigner: OB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oceanbase | oceanbase | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8107 is a security vulnerability in OceanBase's Oracle tenant mode where a malicious user with certain privileges can escalate their privileges to SYS-level access by executing carefully crafted commands. This vulnerability only affects OceanBase tenants operating in Oracle mode and does not impact tenants in MySQL mode.
How can this vulnerability impact me? :
This vulnerability can allow a malicious user to escalate their privileges to SYS-level access within OceanBase's Oracle tenant mode. This means the attacker could gain the highest level of control over the database, potentially leading to unauthorized data access, modification, or disruption of database operations.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not specifically detailed for CVE-2025-8107. However, OceanBase recommends updating to the latest patched versions once security advisories are published. Additionally, following best practices such as restricting privileges to only necessary users, monitoring for unusual privilege escalations, and applying security updates promptly are advisable. [1]