CVE-2025-58337

Sažetak

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).

Reference

https://lists.apache.org/thread/6tswlphj0pqn9zf25594r3c1vzvfj40h
http://www.openwall.com/lists/oss-security/2025/11/04/5

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

05-11-2025 - 11:15

Objavljeno

05-11-2025 - 10:15