CVE-2025-8107

Medium CVSS 6.3

Overview

In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands.

This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.

CWE: CWE-269 Published: 2025-07-24T08:15:31.037

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.3 (MEDIUM)
Detected tags: priv_esc (tag impact: HIGH)

Recommended actions:

Fix privilege escalation urgently.
Enforce least-privilege and strengthen EDR detection.

Overview

Recommended tools

Tags