CVE-2025-66335 — MEDIUM (5.3)

Q: How severe is CVE-2025-66335?

CVE-2025-66335 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-66335?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Doris Mcp Server.

Vulnerability Description

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Doris Mcp Server	>= 0.1.0, < 0.6.1

Related Weaknesses (CWE)

CWE-89

References

https://lists.apache.org/thread/odp0fyyst8kxm7hhm9z4d1snh1y4hjpyVendor Advisory
http://www.openwall.com/lists/oss-security/2026/04/17/4Mailing List

FAQ

What is CVE-2025-66335?

CVE-2025-66335 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intend...

How severe is CVE-2025-66335?

CVE-2025-66335 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66335?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Doris Mcp Server.