CVE-2025-59333
Last modified
CVE-2025-59333 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not impacted. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not impacted. As a result, the server is susceptible to abuse and attacks on affected database systems such as PostgreSQL, and potentially others that expose elevated functionalities. These attacks may lead to denial of service and other unexpected behaviors.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Executeautomation | Mcp Database Server | <= 1.1.0 |
References
- https://github.com/executeautomation/mcp-database-server/security/advisories/GHSA-65hm-pwj5-73pwExploit, Vendor Advisory
- https://github.com/executeautomation/mcp-database-server/security/advisories/GHSA-65hm-pwj5-73pwExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-59333?
How severe is CVE-2025-59333?
How do I fix CVE-2025-59333?
Are you affected by CVE-2025-59333?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST