CVE-2025-62611 – aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

CVE ID : CVE-2025-62611

Published : Oct. 22, 2025, 8:15 p.m. | 27 minutes ago

Description : aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…