CVE-2025-8107

Summary

In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands.

This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.

Affected Software

VendorProductVersion RangeStatus
OBOceanBase Server3.2.4.x < 3.2.4.8affected
OBOceanBase Server4.2.1 x < 4.2.1.10affected
OBOceanBase Server4.2.x < 4.2.5affected
OBOceanBase Server4.3.3.x < 4.3.3.2affected
OBOceanBase Server4.3.4unaffected

Weaknesses

  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere
  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References