3 matches found
CVE-2025-66335
Technical details for CVE-2025-66335 are not publicly available in the provided documents; monitor for updates.
CVE-2025-66336
CVE-2025-66336 affects Apache Doris MCP Server. The issue is a SQL injection in a metadata query path where a user-controlled database name is directly interpolated into a SQL query and executed without enforcing the caller’s authorization context. This can allow an authenticated user, or an anon...
CVE-2025-58337
The vulnerability CVE-2025-58337 affects Apache Doris-MCP-Server (Doris MCP Server). An attacker with a valid read-only account can bypass the server’s read-only mode due to improper access control, enabling modifications that should have been blocked. Impact is bypassing read-only restrictions a...