diff --git a/mysql-test/r/order_by.result b/mysql-test/r/order_by.result
index a056e1244e66b751c4cbcfe06daa7226c221840e..b48e87de38e9da265ba0a6ba2097b922bfb7720a 100644
--- a/mysql-test/r/order_by.result
+++ b/mysql-test/r/order_by.result
@@ -874,6 +874,30 @@ num	(select num + 2 FROM t1 LIMIT 1)
 SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a;
 ERROR 42S22: Unknown column 'num' in 'on clause'
 DROP TABLE t1;
+CREATE TABLE bug25126 (
+val int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY
+);
+UPDATE bug25126 SET MissingCol = MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'field list'
+UPDATE bug25126 SET val = val ORDER BY MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET val = val ORDER BY val;
+UPDATE bug25126 SET val = 1 ORDER BY val;
+UPDATE bug25126 SET val = 1 ORDER BY MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET val = 1 ORDER BY val, MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET val = MissingCol ORDER BY MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET MissingCol = 1 ORDER BY val, MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET MissingCol = 1 ORDER BY MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET MissingCol = val ORDER BY MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+UPDATE bug25126 SET MissingCol = MissingCol ORDER BY MissingCol;
+ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
+DROP TABLE bug25126;
 CREATE TABLE t1 (a int);
 SELECT p.a AS val, q.a AS val1 FROM t1 p, t1 q ORDER BY val > 1;
 val	val1
diff --git a/mysql-test/t/order_by.test b/mysql-test/t/order_by.test
index 15fb677110122684b47551476b1a304643cb7e04..f2da8e44843de8859a5b45c829867e9ce322755e 100644
--- a/mysql-test/t/order_by.test
+++ b/mysql-test/t/order_by.test
@@ -588,6 +588,36 @@ SELECT a + 1 AS num, (select num + 2 FROM t1 LIMIT 1) FROM t1;
 SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a;
 DROP TABLE t1;
 
+#
+# Bug#25126: Reference to non-existant column in UPDATE...ORDER BY... 
+#       crashes server
+#
+CREATE TABLE bug25126 (
+  val int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY
+);
+--error 1054
+UPDATE bug25126 SET MissingCol = MissingCol;
+--error 1054
+UPDATE bug25126 SET val = val ORDER BY MissingCol;
+UPDATE bug25126 SET val = val ORDER BY val;
+UPDATE bug25126 SET val = 1 ORDER BY val;
+--error 1054
+UPDATE bug25126 SET val = 1 ORDER BY MissingCol;
+--error 1054
+UPDATE bug25126 SET val = 1 ORDER BY val, MissingCol;
+--error 1054
+UPDATE bug25126 SET val = MissingCol ORDER BY MissingCol;
+--error 1054
+UPDATE bug25126 SET MissingCol = 1 ORDER BY val, MissingCol;
+--error 1054
+UPDATE bug25126 SET MissingCol = 1 ORDER BY MissingCol;
+--error 1054
+UPDATE bug25126 SET MissingCol = val ORDER BY MissingCol;
+--error 1054
+UPDATE bug25126 SET MissingCol = MissingCol ORDER BY MissingCol;
+DROP TABLE bug25126;
+
+
 #
 # Bug #25427: crash when order by expression contains a name
 #             that cannot be resolved unambiguously               
@@ -603,7 +633,6 @@ SELECT p.a AS val, q.a AS val FROM t1 p, t1 q ORDER BY val > 1;
 
 DROP TABLE t1;
 
-# End of 4.1 tests
 create table t1 (a int not null, b  int not null, c int not null);
 insert t1 values (1,1,1),(1,1,2),(1,2,1);
 select a, b from t1 group by a, b order by sum(c);
diff --git a/sql/item.cc b/sql/item.cc
index 48ca03ada0ad5c7301066021d502c45804860cda..f2bac36a99cece9d3df4a18619f8682e2f837b4b 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -3756,7 +3756,18 @@ bool Item_field::fix_fields(THD *thd, Item **reference)
              use the field from the Item_field in the select list and leave
              the Item_field instance in place.
             */
-            set_field((*((Item_field**)res))->field);
+
+            Field *field= (*((Item_field**)res))->field;
+
+            if (field == NULL)
+            {
+              /* The column to which we link isn't valid. */
+              my_error(ER_BAD_FIELD_ERROR, MYF(0), (*res)->name, 
+                       current_thd->where);
+              return(1);
+            }
+
+            set_field(field);
             return 0;
           }
           else