- Description: Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.
- Source: security@apache.org
- NVD status: Analyzed
- Products: doris_mcp_server
CVSS 3.1
- Type: Secondary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
- security@apache.org
- CWE-89
CVE-2025-66335: Apache Doris MCP Server: MCP SQL inject https://t.co/FGychdwFaP may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.
@oss_security
19 Apr 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:doris_mcp_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "95766A2C-71CC-4CC7-9F95-501B6ACC1E2F",
            "versionEndExcluding": "0.6.1",
            "versionStartIncluding": "0.1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]