Skip to main content

Apache EUVDEUVD-2025-209532

| CVE-2025-66335 MEDIUM
SQL Injection (CWE-89)
2026-04-20 apache GHSA-qhfq-gvvc-5q6q
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

6
Patch released
Apr 22, 2026 - 14:17 nvd
Patch available
Analysis Generated
Apr 20, 2026 - 17:11 vuln.today
Patch available
Apr 20, 2026 - 15:31 EUVD
EUVD ID Assigned
Apr 20, 2026 - 14:15 euvd
EUVD-2025-209532
Analysis Generated
Apr 20, 2026 - 14:15 vuln.today
CVE Published
Apr 20, 2026 - 13:27 nvd
MEDIUM 5.3

DescriptionCVE.org

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.

AnalysisAI

SQL injection in Apache Doris MCP Server versions before 0.6.1 allows unauthenticated remote attackers to execute unintended SQL statements and bypass query validation and access restrictions via improper neutralization in the MCP query execution interface. The vulnerability has a CVSS score of 5.3 (network-accessible, low complexity, no authentication required) but is classified as partial impact (confidentiality only, no integrity or availability impact) and has not been confirmed as actively exploited. A vendor patch is available.

Technical ContextAI

Apache Doris MCP Server is a Model Context Protocol (MCP) server component of the Apache Doris distributed SQL analytics engine. The vulnerability exists in the query context handling mechanism within the MCP query execution interface, which fails to properly neutralize user-supplied input when constructing SQL statements. This is a classic SQL injection flaw (CWE-89: Improper Neutralization of Special Elements used in an SQL Command) where untrusted input passed through the MCP interface reaches SQL execution without sufficient parameterization or escaping. The MCP (Model Context Protocol) is an interface protocol that allows external tools and models to interact with Doris query execution. The affected CPE (cpe:2.3:a:apache_software_foundation:apache_doris_mcp_server:*:*:*:*:*:*:*:*) indicates all versions of the Doris MCP Server component up to 0.6.0 are vulnerable.

RemediationAI

Upgrade Apache Doris MCP Server to version 0.6.1 or later immediately to remediate the SQL injection vulnerability. The vendor has released a patched version as confirmed by the Apache advisory at https://lists.apache.org/thread/odp0fyyst8kxm7hhm9z4d1snh1y4hjpy. Until patching is feasible, implement network segmentation to restrict access to the MCP query execution interface to trusted internal clients only; disable or restrict the MCP protocol if it is not required for operations; and apply input validation and parameterized query frameworks at the application layer if custom integrations exist. Note that network restriction reduces attack surface but does not eliminate the vulnerability if internal systems are compromised. Input validation at the application layer is effective but adds latency and maintenance burden; parameterized queries are the preferred long-term compensating control. Upgrading to 0.6.1 is the only permanent fix and should be prioritized.

Share

EUVD-2025-209532 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy