CVE-2025-56404

Published: Sep 10, 2025Modified: Sep 17, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.

Affected (1)

Products: Mariadb: Model Context Protocol

Mariadb

1 product

Model Context Protocol

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mariadb Model Context Protocol	Version 0.1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/August829/CVEP/issues/2

Source: cve@mitre.org

Issue Tracking

https://github.com/MariaDB/mcp/issues/17

Source: cve@mitre.org

ExploitIssue Tracking

Timeline

No history available yet.