{"schema_version": "1.6.1", "id": "CVE-2025-58337", "summary": "Improper Access Control results in bypassing a \"read-only\" mode for doris-mcp-server MCP Server", "details": "An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.\n\n\nImpact:\n\nBypasses read-only mode; attackers with read-only access may perform unauthorized modifications.\n\n\n\n\nRecommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.1.0"}, {"fixed": "0.6.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/6tswlphj0pqn9zf25594r3c1vzvfj40h"}]}