CVE-2025-8107 MEDIUM

CVE-2025-8107

Vendor Ob
Product OceanBase Server
Weakness CWE-668
Published July 24, 2025
Last update July 31, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands. This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.

Key dates

02Disclosure timeline

July 24, 2025 CVE published
July 31, 2025 Record updated