CVE-2025-66336
Analyzed Analyzed - Analysis Complete

SQL Injection in Apache Doris MCP Server

Vulnerability report for CVE-2025-66336, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-06-26

Assigner: Apache Software Foundation

Description

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-06-26
Generated
2026-07-12
AI Q&A
2026-06-22
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache doris_mcp_server From 0.1.0 (inc) to 0.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Apache Doris MCP Server has a SQL injection vulnerability in its metadata query path. This occurs because a user-controlled database name is directly inserted into a SQL query without proper authorization checks. As a result, an attacker who is authenticated, or even an anonymous attacker if authentication is disabled, can bypass SQL security validation and access metadata beyond the intended database scope.

Impact Analysis

This vulnerability can allow attackers to bypass security controls and access sensitive metadata from databases they should not have permission to view. This unauthorized access could lead to exposure of confidential information, potential data leaks, and compromise of database integrity.

Mitigation Strategies

Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.

Compliance Impact

The vulnerability allows an attacker to bypass SQL security validation and access metadata outside the intended database scope. This unauthorized access to metadata could potentially lead to exposure of sensitive information.

Such unauthorized access and potential data exposure may impact compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to personal and sensitive data.

Affected users are advised to upgrade to Doris version 0.6.1 or later to mitigate this risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66336. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart