Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-56404

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.

Published

2025-09-10T14:15:39.237

Last Modified

2025-09-17T20:32:54.887

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mariadb	model_context_protocol	0.1.0	Yes

References

https://github.com/August829/CVEP/issues/2 Issue Tracking ([email protected])
https://github.com/MariaDB/mcp/issues/17 Exploit, Issue Tracking ([email protected])