NVD Advisory, moderate severity. Published Nov 5, 2025; updated Nov 6, 2025.
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server
CVE-2025-58337
Description
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.
Impact:
Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications.
Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| doris-mcp-server | PyPI | < 0.6.0 | 0.6.0 |
Affected products
- Range: 0.1.0
References
- github.com/advisories/GHSA-m35w-xx8c-6xc7 (GitHub Security Advisory)
- lists.apache.org/thread/6tswlphj0pqn9zf25594r3c1vzvfj40h (vendor advisory, Apache mailing list)
- nvd.nist.gov/vuln/detail/CVE-2025-58337 (NVD advisory)
- www.openwall.com/lists/oss-security/2025/11/04/5 (oss-security announcement)
- github.com/apache/doris-mcp-server/commit/5923cc1c8973069a6d54eca1948a10488cbf409e (fix commit)
- security.snyk.io/vuln/SNYK-PYTHON-DORISMCPSERVER-13835132 (Snyk advisory)