CVE Details
Basic Information
| Title | CVE-2025-8107 |
|---|---|
| Type | cve |
| Published | 2025-07-24T07:12:13.878Z |
| Modified | 2025-07-24T07:22:51.456Z |
Product Information
| Vendor | OB |
|---|---|
| Product | OceanBase Server |
| Version | 3.x |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
AI Analysis
| AI Description | A vulnerability in OceanBase’s Oracle tenant mode allows a malicious user with specific privileges to escalate to SYS-level access by executing crafted commands. This issue affects only Oracle mode tenants and not those in MySQL mode. |
|---|---|
| AI Severity | Medium |
| AI Vendor | OceanBase |
| AI Product | OceanBase Server |
| AI Version | 3.x, 4.2.1, 4.2.x, 4.3.3.x |
Affected Products
- OB OceanBase Server 3.x
- OB OceanBase Server 4.2.1 x
- OB OceanBase Server 4.2.x
- OB OceanBase Server 4.3.3.x
Additional Information
| CWE List | CWE-668, CWE-269 |
|---|---|
| Source | OB |
Description
In OceanBase’s Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands.
This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.