CVE Vulnerabilities

CVE-2025-8107

Improper Privilege Management

Published: Jul 24, 2025 | Modified: Jul 24, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In OceanBases Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands.

This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References