PT-2025-37998 · Npm · @Executeautomation/Database-Server
Lirantal · Published 2025-09-16 · Updated 2025-09-16
CVE-2025-59333
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
mcp-database-server (MCP Server) versions 1.1.0 and earlier
Description
The mcp-database-server (MCP Server) distributed via the npm package @executeautomation/database-server does not implement adequate security controls to enforce read-only mode. This can lead to abuse and attacks on affected database systems, such as PostgreSQL, potentially resulting in denial of service and other unexpected behaviors. This vulnerability affects only the npm distribution.
Recommendations
Update to a version of mcp-database-server later than 1.1.0.
Exploit
Fix
DoS
Improper Access Control
Affected Products
@Executeautomation/Database-Server
Mcp-Database-Server