MiracleLinux 8 : mysql:8.0 (AXSA:2025-9705:01)

🗓️ 13 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 8 updates MySQL 8.0 for multiple CVEs including InnoDB and optimizer.

Reporter	Title	Published	Views	Family All 2122
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities affect multiple packages shipped with IBM CICS TX Advanced.	28 Apr 202510:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities	26 Mar 202504:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	19 Jun 202505:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	27 Sep 202422:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in MIT Kerberos 5 (aka krb5) affects IBM watsonx Assistant for IBM Cloud Pak for Data	5 Feb 202514:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)	3 Sep 202414:18	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.	17 Feb 202515:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	27 Sep 202422:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to GNOME GLib, libcurl and kerberos 5	27 Sep 202411:38	–	ibm

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/20889
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2025-9705:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283317);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/20");

  script_cve_id(
    "CVE-2024-5535",
    "CVE-2024-7264",
    "CVE-2024-11053",
    "CVE-2024-21193",
    "CVE-2024-21194",
    "CVE-2024-21196",
    "CVE-2024-21197",
    "CVE-2024-21198",
    "CVE-2024-21199",
    "CVE-2024-21201",
    "CVE-2024-21203",
    "CVE-2024-21212",
    "CVE-2024-21213",
    "CVE-2024-21218",
    "CVE-2024-21219",
    "CVE-2024-21230",
    "CVE-2024-21231",
    "CVE-2024-21236",
    "CVE-2024-21237",
    "CVE-2024-21238",
    "CVE-2024-21239",
    "CVE-2024-21241",
    "CVE-2024-21247",
    "CVE-2024-37371",
    "CVE-2025-21490",
    "CVE-2025-21491",
    "CVE-2025-21494",
    "CVE-2025-21497",
    "CVE-2025-21500",
    "CVE-2025-21501",
    "CVE-2025-21503",
    "CVE-2025-21504",
    "CVE-2025-21505",
    "CVE-2025-21518",
    "CVE-2025-21519",
    "CVE-2025-21520",
    "CVE-2025-21521",
    "CVE-2025-21522",
    "CVE-2025-21523",
    "CVE-2025-21525",
    "CVE-2025-21529",
    "CVE-2025-21531",
    "CVE-2025-21534",
    "CVE-2025-21536",
    "CVE-2025-21540",
    "CVE-2025-21543",
    "CVE-2025-21546",
    "CVE-2025-21555",
    "CVE-2025-21559"
  );
  script_xref(name:"IAVA", value:"2024-A-0731");

  script_name(english:"MiracleLinux 8 : mysql:8.0 (AXSA:2025-9705:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2025-9705:01 advisory.

    * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
      * krb5: GSS message token handling (CVE-2024-37371)
      * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
      * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
      * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
      * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
      * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
      * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
      * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
      * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
      * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
      * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
      * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
      * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
      * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
      * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
      * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
      * curl: curl netrc password leak (CVE-2024-11053)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
      * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
      * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
      * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
      * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
      * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
    (CVE-2025-21555)
      * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
      * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
    (CVE-2025-21491)
      * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
      * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
      * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
      * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
      * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
      * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
      * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
    (CVE-2025-21559)
      * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
      * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/20889");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-37371");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mecab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mecab-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mecab-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mecab-ipadic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mecab-ipadic-EUCJP");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-errmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^8([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 8.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var module_ver = get_kb_item('Host/MiracleLinux/appstream/mysql');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);

var constraints = {
  'mysql:8.0': [
    {
      'release': '8',
      'pkgs': [
        {'reference':'mecab-0.996-2.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mecab-debugsource-0.996-2.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mecab-devel-0.996-2.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mecab-ipadic-2.7.0.20070801-17.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-17.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-common-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-debugsource-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-devel-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-errmsg-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-libs-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-server-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
        {'reference':'mysql-test-8.0.41-1.module+el8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
      ]
    }
  ]
};

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
var appstreams_found = 0;
var appstream;
var appstream_name;
var appstream_version;
foreach var module (keys(constraints)) {
  appstream = NULL;
  appstream_name = NULL;
  appstream_version = NULL;
  appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/MiracleLinux/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach var module_array ( constraints[module] ) {
      # Check that the target release is equal to the affected release
      if (!empty_or_null(module_array['release'])){
        if (module_array['release'] != os_release) continue;
      }
      if (!empty_or_null(module_array['sp'])){
        if (module_array['sp'] != os_sp) continue;
      }
      foreach var package_array ( module_array['pkgs'] ) {
        reference = NULL;
        sp = NULL;
        _cpu = NULL;
        el_string = NULL;
        rpm_spec_vers_cmp = NULL;
        epoch = NULL;
        allowmaj = NULL;
        exists_check = NULL;
        cves = NULL;
        if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
        if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
        if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
        if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
        if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
        if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
        if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
        if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
        if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
        if (reference &&
            (!exists_check || rpm_exists(rpm:exists_check)) &&
            rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debugsource / mecab-devel / mecab-ipadic / etc');
}

20 Jan 2026 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.19.1

EPSS0.06873

SSVC