EXECUTIVE SUMMARY:
CVE-2025-66336 (CVSS 8.1) is a severe SQL injection vulnerability in the Apache Doris MCP Server affecting versions 0.1.0 up to, but excluding, version 0.6.1. An attacker can inject malicious SQL code by manipulating the database name, thereby bypassing authentication checks. The flaw is exploitable over the network with no prior access or authentication required.

A successful attack grants access to restricted database metadata, including sensitive internal structures, and can lead to severe compliance violations, heavy fines and exposure of sensitive customer records. The business impact is significant, as it threatens the entire data ecosystem.

Prerequisites for exploitation are an MCP Server configured with authentication disabled or with inadequate input sanitization, which lets the attacker manipulate the input and bypass SQL security validation completely.
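To illustrate the mechanism described above, the following added example (not code from the Apache Doris MCP Server) contrasts a hypothetical handler that splices a caller-supplied database name straight into a statement with a hardened version that accepts only plain identifiers drawn from an allowlist, plus a small audit helper for checking requested names. The function names, the allowlist and the sample database names are constructed for the example.

```python
import re

# A plain SQL identifier: letters, digits and underscores only. Quoting
# characters, comment markers, whitespace and statement separators all fail.
_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

# Constructed allowlist: the only databases this service is meant to expose.
# System schemas such as information_schema are deliberately absent.
ALLOWED_DATABASES = frozenset({"sales", "analytics"})

def build_show_tables_unsafe(db_name: str) -> str:
    """Vulnerable pattern: the caller's value becomes part of the statement
    text, so any quoting or comment characters in it change the SQL."""
    return f"SHOW TABLES FROM {db_name}"

def validate_database_name(db_name: str) -> str:
    """Hardened pattern: reject anything that is not a plain identifier on
    the allowlist. Validation happens before the value touches any SQL."""
    if not _IDENTIFIER.fullmatch(db_name):
        raise ValueError(f"rejected database name (not an identifier): {db_name!r}")
    if db_name not in ALLOWED_DATABASES:
        raise ValueError(f"rejected database name (not exposed): {db_name!r}")
    return db_name

def build_show_tables_safe(db_name: str) -> str:
    """Doris speaks the MySQL protocol, so the validated identifier is
    additionally wrapped in backticks; the regex guarantees it contains none."""
    return f"SHOW TABLES FROM `{validate_database_name(db_name)}`"

def audit_requests(requested: list[str]) -> dict[str, list[str]]:
    """Defender-side check: classify a batch of requested database names
    (for example, pulled from server logs) into accepted and rejected."""
    result: dict[str, list[str]] = {"accepted": [], "rejected": []}
    for name in requested:
        try:
            validate_database_name(name)
            result["accepted"].append(name)
        except ValueError:
            result["rejected"].append(name)
    return result

if __name__ == "__main__":
    # Constructed sample of names a client might send to the server.
    sample = ["sales", "information_schema", "sales` x", "analytics"]
    print(audit_requests(sample))
```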
RECOMMENDATION:
We recommend updating Apache Doris MCP Server to version 0.6.1.
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/apache-doris-sql-injection-cve-2025-66336/