aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
GHSA-r397-ff8c-wv2g | aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 22 Oct 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 22 Oct 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0. | |
Title | aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server | |
Weaknesses | CWE-73 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-10-22T19:44:02.865Z
Reserved: 2025-10-16T19:24:37.268Z
Link: CVE-2025-62611

Updated: 2025-10-22T19:43:54.987Z

Status : Awaiting Analysis
Published: 2025-10-22T20:15:38.363
Modified: 2025-10-22T21:12:32.330
Link: CVE-2025-62611

No data.

No data.