VYPR
Moderate severity · NVD Advisory · Published Nov 5, 2025 · Updated Nov 6, 2025

Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server

CVE-2025-58337

Description

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.

Impact:

Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications.

Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).
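To find deployments that still pin a release below the fix, the following added example (not part of the advisory or of the Apache Doris project) scans pip-style requirements text for doris-mcp-server pins older than 0.6.0. The function names, the requirements format and the sample input are assumptions made for illustration; pre-releases of 0.6.0 are treated as affected.

```python
import re

PACKAGE = "doris-mcp-server"   # PyPI name from the advisory
FIXED = (0, 6, 0)              # first patched release per the advisory
_PRE = re.compile(r"[._-]?(a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.I)

def _norm(name):
    """PEP 503 name normalisation, so doris_mcp_server matches too."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_affected(version):
    """True if version < 0.6.0; pre-releases of 0.6.0 count as affected."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))   # 0.6 -> 0.6.0
    if release != FIXED:
        return release < FIXED
    return bool(_PRE.match(m.group(2)))             # e.g. 0.6.0rc1

def scan_requirements(text):
    """Return (line_no, spec, verdict) for each doris-mcp-server requirement."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$", line)
        if not m or _norm(m.group(1)) != PACKAGE:
            continue
        # Cut environment markers, pip options (--hash) and line continuations.
        spec = re.split(r";|\s--|\\", m.group(3), maxsplit=1)[0].strip()
        pin = re.fullmatch(r"===?\s*([^\s,*]+)", spec)
        # Ranges and bare names cannot be judged from the file alone.
        verdict = ("affected" if is_affected(pin.group(1)) else "patched") if pin else "unpinned"
        findings.append((no, spec, verdict))
    return findings

SAMPLE = """\
# constructed requirements file, not taken from any real project
requests==2.32.3
doris_mcp_server==0.5.1   # pinned below the fix
Doris-MCP-Server==0.6.0
doris-mcp-server>=0.5
doris-mcp-server==0.6.0rc1
"""

if __name__ == "__main__":
    for no, spec, verdict in scan_requirements(SAMPLE):
        print(f"line {no}: {spec:<12} {verdict}")
```

An "unpinned" verdict means the file allows more than one version, so the installed version in that environment has to be checked separately.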

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: doris-mcp-server (PyPI)
Affected versions: < 0.6.0
Patched versions: 0.6.0
