CNNVD-202511-2045 Information

CNNVD ID

CNNVD-202511-2045

Related CVE

CVE-2025-63603

• CNNVD Published: 2025-11-18

Description (Chinese)

MCP Server for Data Exploration是reading-plus-ai个人开发者的一个MCP服务器。 MCP Server for Data Exploration 0.1.6版本存在安全漏洞，该漏洞源于safe_eval函数未限制__builtins__字典，可能导致任意代码执行。

Description (English)

MCP Server for Data Exploration is an MCP server for developing-plus-ai personal developers. There is a security loophole in version 0.1.6 of MCP Server for Data Exchange, which stems from the fact that the safe eval function does not limit the builtins dictionary, which may result in any code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-18

Last Modified

2026-02-24

References

https://github.com/reading-plus-ai/mcp-server-data-exploration/issues/12 https://access.redhat.com/security/cve/cve-2025-63603