AI description
CVE-2025-49596 affects MCP Inspector versions below 0.14.1. The vulnerability stems from a lack of authentication between the Inspector client and proxy. This allows unauthenticated requests to launch MCP commands over stdio. Specifically, the absence of authentication allows an attacker to potentially execute arbitrary remote commands on the MCP server. The vulnerability can be exploited remotely and doesn't require authentication. To remediate this vulnerability, users should upgrade to MCP Inspector version 0.14.1 or later.
- Description: The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 9.4
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- security-advisories@github.com: CWE-306
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 4
🟥 CVE-2025-49596, CVSS: 9.4 (#Critical) #MCP Inspector version < 0.14.1 #Vulnerability allows remote code execution due to lack of authentication between the Inspector client and proxy. #CyberSecurity #CVE #RemoteCodeExecution #MCPInspector https://t.co/k7ZDYm3drw htt
@UjlakiMarci
14 Jun 2025
1159 Impressions
8 Retweets
17 Likes
7 Bookmarks
1 Reply
0 Quotes
🚨 CRITICAL: CVE-2025-49596 in MCP Inspector (<0.14.1) lets unauth attackers execute remote code! Patch ASAP. No exploits yet. https://t.co/DOaoaqWZ86 #OffSeq #CVE2025 #infosec https://t.co/GqZr0cmubK
@offseq
14 Jun 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-49596: CRITICAL] MCP Inspector versions below 0.14.1 are vulnerable to remote code execution due to lack of authentication. Upgrade to version 0.14.1 or later to secure your servers. #cybersecurity#cve,CVE-2025-49596,#cybersecurity https://t.co/iyrX0AhRxx https://t.co/C
@CveFindCom
13 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49596 The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lac… https://t.co/ar0nqaAEBt
@CVEnew
13 Jun 2025
778 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes