Dossier
CVE-2025-66335
Coverage of CVE-2025-66335 in the Nexus archive.
- Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs
Security vulnerabilities were found in MCP servers for Apache Doris, Alibaba RDS, and Apache Pinot, allowing attackers to execute unintended SQL statements or take over instances. Alibaba declined to patch its flaw, while Apache issued a patch for Doris. The vulnerabilities highlight a larger problem in MCP development.