CVE-2025-58337

{"id": "CVE-2025-58337", "cveTags": [], "metrics": {}, "published": "2025-11-05T10:15:36.483", "references": [{"url": "https://lists.apache.org/thread/6tswlphj0pqn9zf25594r3c1vzvfj40h", "source": "security@apache.org"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An attacker with a valid read-only account can bypass Doris MCP Server\u2019s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.\n\n\nImpact:\n\nBypasses read-only mode; attackers with read-only access may perform unauthorized modifications.\n\n\n\n\nRecommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix)."}], "lastModified": "2025-11-05T10:15:36.483", "sourceIdentifier": "security@apache.org"}