CVE-2025-59333
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-10-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| executeautomation | mcp_database_server | to 1.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the mcp-database-server (MCP Server) version 1.1.0 and earlier, distributed via the npm package @executeautomation/database-server. It fails to properly enforce a 'read-only' mode, allowing attackers to abuse the server and potentially exploit affected database systems like PostgreSQL. This improper enforcement can lead to unauthorized actions and unexpected behaviors.
How can this vulnerability impact me? :
This vulnerability can lead to denial of service and other unexpected behaviors on affected database systems. Attackers may exploit the failure to enforce 'read-only' mode to perform unauthorized actions, potentially disrupting service availability and compromising system stability.