Security Advisory

CVE-2025-58337

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-05 09:26:36

Last updated 2025-11-06 15:55:05

Assigner apache

State PUBLISHED

Description

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).

← Browse all CVEs View on cve.org ↗