High severity · OSV Advisory · Published Oct 22, 2025 · Updated Apr 15, 2026
CVE-2025-62611
Description
aiomysql is a library for accessing a MySQL database from asyncio. Prior to version 0.3.0, the client does not check its own settings before sending local files to the MySQL server, which allows a rogue server to obtain arbitrary files from the client. A rogue MySQL server can emulate authorization, ignore client flags and request arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
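The missing client-side check, as an added sketch (not aiomysql's own code): a response whose first payload byte is 0xFB is a LOCAL INFILE request, and it is honoured only when the client opted in. The function names, the `local_infile` parameter and the sample path are assumptions made for illustration.

```python
import struct

LOCAL_INFILE_REQUEST = 0xFB  # first payload byte of a LOCAL INFILE request
CLIENT_LOCAL_FILES = 0x80    # capability flag the client sets to allow it


class LocalInfileRefused(RuntimeError):
    """The server asked for a local file the client never agreed to send."""


def parse_packet(raw: bytes):
    """Split one MySQL packet (3-byte LE length, 1-byte sequence id) into (seq, payload)."""
    if len(raw) < 4:
        raise ValueError("truncated packet header")
    low, high, seq = struct.unpack("<HBB", raw[:4])
    length = low | (high << 16)
    payload = raw[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated packet payload")
    return seq, payload


def handle_response(raw: bytes, client_flags: int, local_infile: bool):
    """Inspect the first packet of a query response.

    Returns None for ordinary responses, the requested filename when the
    client opted in, and raises LocalInfileRefused otherwise.
    """
    _, payload = parse_packet(raw)
    if not payload or payload[0] != LOCAL_INFILE_REQUEST:
        return None
    filename = payload[1:].decode("utf-8", "replace")
    # The server's word is not enough: the client's own settings decide.
    if not local_infile or not client_flags & CLIENT_LOCAL_FILES:
        raise LocalInfileRefused(f"refusing unsolicited request for {filename!r}")
    return filename


def build_packet(payload: bytes, seq: int = 1) -> bytes:
    """Frame a payload as a MySQL packet (used to construct sample input)."""
    return struct.pack("<HBB", len(payload) & 0xFFFF, len(payload) >> 16, seq) + payload
```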
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aiomysql (PyPI) | < 0.3.0 | 0.3.0 |
Affected products
Source: osv-coords (13 versions)

| Package | CPE | Affected range |
|---|---|---|
| pkg:apk/chainguard/airflow-2 | (no CPE) | < 2.11.0-r15 |
| pkg:apk/chainguard/airflow-2-bitnami-compat | (no CPE) | < 2.11.0-r15 |
| pkg:apk/chainguard/airflow-2-compat | (no CPE) | < 2.11.0-r15 |
| pkg:apk/chainguard/airflow-2-iamguarded-compat | (no CPE) | < 2.11.0-r15 |
| pkg:apk/chainguard/airflow-3 | (no CPE) | < 3.1.0-r3 |
| pkg:apk/chainguard/airflow-3-bitnami-compat | (no CPE) | < 3.1.0-r3 |
| pkg:apk/chainguard/airflow-3-compat | (no CPE) | < 3.1.0-r3 |
| pkg:apk/chainguard/airflow-3-iamguarded-compat | (no CPE) | < 3.1.0-r3 |
| pkg:apk/wolfi/airflow-3 | (no CPE) | < 3.1.0-r3 |
| pkg:apk/wolfi/airflow-3-bitnami-compat | (no CPE) | < 3.1.0-r3 |
| pkg:apk/wolfi/airflow-3-compat | (no CPE) | < 3.1.0-r3 |
| pkg:apk/wolfi/airflow-3-iamguarded-compat | (no CPE) | < 3.1.0-r3 |
| pkg:pypi/aiomysql | (no CPE) | < 0.3.0 |
References
- github.com/advisories/GHSA-r397-ff8c-wv2g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-62611 (ghsa, ADVISORY)
- github.com/aio-libs/aiomysql/commit/32c4520dae3711367ded74a4726dcb8bb8919538 (nvd, WEB)
- github.com/aio-libs/aiomysql/pull/1044 (nvd, WEB)
- github.com/aio-libs/aiomysql/security/advisories/GHSA-r397-ff8c-wv2g (nvd, WEB)