CVE-2025-24375

MEDIUM EPSS 3.6%
Published Apr 9, 20251y ago · Modified Jun 17, 20262w ago
5.0 CVSS 3.1
Medium
Find Similar
Published Apr 9, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary script file containing the full URI, with user and password. The file can be read by a unprivileged user during the operator runtime, due it being created with read permissions (0x644). On other cases, when calling mysql cli, for one specific case when creating the operator users, the DDL contains said users credentials, which can be leak through the same mechanism of a temporary file. All versions prior to revision 221 for kubernetes and revision 338 for machine operators.

CVSS Details

Base Score
5.0
Exploitability
1.3
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
3.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-256

References 5

  • github.com https://github.com/canonical/mysql-k8s-operator/commit/7c6b1206fcbc7324b72f413c5e63216e742a71a1
  • github.com https://github.com/canonical/mysql-k8s-operator/pull/553
  • github.com https://github.com/canonical/mysql-k8s-operator/security/advisories/GHSA-g83v-7694-2hf7
  • github.com https://github.com/canonical/mysql-operator/commit/1fb61c1ee3e396cdce13d5e8155f2f32a860f89e
  • github.com https://github.com/canonical/mysql-operator/pull/579

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.