8.1

CVE-2025-59333

Exploit

EPSS 0.11%
Veröffentlicht 16.09.2025 14:18:48
Zuletzt bearbeitet 08.10.2025 19:18:04
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not impacted. As a result, the server is susceptible to abuse and attacks on affected database systems such as PostgreSQL, and potentially others that expose elevated functionalities. These attacks may lead to denial of service and other unexpected behaviors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Executeautomation ≫ Mcp Database Server SwPlatformnode.js Version <= 1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.3

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/executeautomation/mcp-database-server/security/advisories/GHSA-65hm-pwj5-73pw

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-59333

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59333

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59333

EUVD