CVE-2025-62611 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local fil…
High CVSS: 8.2

CVE-2025-62611

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
Vendor
-
Product
-
CWE
CWE-73
Yayın Tarihi
2025-10-22 20:15:38
Güncelleme
2025-10-22 21:12:32
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-73 HIGH 2025

Referanslar

https://github.com/aio-libs/aiomysql/commit/32c4520dae3711367ded74a4726dcb8bb8919538 https://github.com/aio-libs/aiomysql/pull/1044 https://github.com/aio-libs/aiomysql/security/advisories/GHSA-r397-ff8c-wv2g