CVE-2025-66336
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope.
Risk Assessment
The risk involves unauthorized access to metadata of other databases, potentially leading to leakage of sensitive information about data structure or system configuration.
Recommendation
It is recommended to upgrade to Doris version 0.6.1 or later, which fixes this vulnerability.
Original NVD description (English source)
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.

