5 matches found
ROS-20251124-09
The vulnerability of the MySQL database access library aiomysql is related to the fact that client-side settings are not checked before sending local files to a remote MySQL server. client side settings are not checked before sending local files to a remote MySQL server. Exploitation vulnerabilit...
Arbitrary Client-Side File Disclosure
aiomysql is vulnerable to Arbitrary Client-Side File Disclosure. The vulnerability is due to the client not validating server requests for local files, and attackers can exploit this by running a rogue MySQL server that sends LOADLOCAL packets to request and retrieve arbitrary files from the clie...
agent-runtime-server (>=0.0.8 <=0.1.0), ai-application-gateway (>=0.1.1 <=0.1.5) +125 more potentially affected by CVE-2025-62611 via aiomysql (>=0.0.11 <=0.2.0)
aiomysql PYPI version =0.0.11, =0.0.8, =0.1.1, =0.0.1, =1.9.0, =2.10.0, =0.1.0, =0.0.2, =1.0.5, =0.0.154, =0.1.0, =0.1.0, =1.1.1, =3.13.4 and more Source cves: CVE-2025-62611 Source advisory: OSV:GHSA-R397-FF8C-WV2G...
agent-runtime-server (>=0.0.8 <=0.1.0), ai-application-gateway (>=0.1.1 <=0.1.5) +125 more potentially affected by CVE-2025-62611 via aiomysql (>=0.0.11 <=0.2.0)
aiomysql PYPI version =0.0.11, =0.0.8, =0.1.1, =0.0.1, =1.9.0, =2.10.0, =0.1.0, =0.0.2, =1.0.5, =0.0.154, =0.1.0, =0.1.0, =1.1.1, =3.13.4 and more Source cves: CVE-2025-62611 Source advisory: SNYK:PYTHON-AIOMYSQL-13671310...
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
Summary The client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. Details It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary...