VYPR
High severityOSV Advisory· Published Oct 22, 2025· Updated Apr 15, 2026

CVE-2025-62611

CVE-2025-62611

Description

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
aiomysqlPyPI
< 0.3.00.3.0

Affected products

14

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.