PT-2025-45102 · Unknown · Doris Mcp Server
Liran Tal · Published 2025-11-05 · Updated 2025-11-05 · CVE-2025-58337
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Doris MCP Server versions prior to 0.6.0
Description
Due to improper access control, an attacker with a valid read-only account can bypass the Doris MCP Server's read-only mode and perform unauthorized modifications that the read-only restrictions should have prevented.
Recommendations
Upgrade to version 0.6.0 as soon as possible.
Fix
Improper Access Control
Affected Products
Doris Mcp Server