Home > Vulnerability Database > CVE-2025-59333

Mend.io Vulnerability Database

CVE-2025-59333

Date: September 16, 2025

The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not impacted. As a result, the server is susceptible to abuse and attacks on affected database systems such as PostgreSQL, and potentially others that expose elevated functionalities. These attacks may lead to denial of service and other unexpected behaviors.

Severity Score

8.1

Related Resources (4)

Url: https://github.com/executeautomation/mcp-database-server

Url: https://github.com/executeautomation/mcp-database-server/security/advisories/GHSA-65hm-pwj5-73pw

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59333

Url: https://www.mend.io/vulnerability-database/CVE-2025-59333

Severity Score

8.1

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59333

Date: September 16, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?