CVE-2025-49596
Description
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.
Related News
Anthropic has had an eventful couple weeks, and we have two separate write-ups to cover. The first is a vulnerability in the Anthropic MCP Inspector, CVE-2025-49596. We’ve talked a bit …
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
Data provided by ENISA EU Vulnerability Database. Last updated: July 9, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
GHSA-7f8r-222p-6f5g
Advisory Details
CVSS Scoring
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Advisory provided by GitHub Security Advisory Database. Published: June 13, 2025, Modified: July 9, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Anthropic MCP Inspector: CVE-2025-49596: Vulnerability Disclosure
🔥 Top 10 Trending CVEs (13/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-45866](https://nvd.nist.gov/vuln/detail/CVE-2023-45866)** - 📝 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection …
Critical RCE Found in Anthropic’s MCP Inspector (CVE-2025-49596 | CVSS 9.4) Tenable Research has identified a critical RCE in **Anthropic’s MCP Inspector**, impacting all versions **earlier than 0.14.1**. ⚠️ Key Attack Vectors: * Web UI is open and unauthenticated by default * MCP Proxy binds to all interfaces, exposing systems …
🔥 Top 10 Trending CVEs (08/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-32023](https://nvd.nist.gov/vuln/detail/CVE-2025-32023)** - 📝 Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted …
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits Article from hacker news: https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.html?m=1 Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain …
Anthropic's MCP Inspector zero-day vulnerability has implications for all internet-facing MCP servers I've been reading about the recent critical vulnerability that was discovered in Anthropic's [MCP inspector](https://www.npmjs.com/package/@modelcontextprotocol/inspector), which was given a CVSS score of 9.4 out of 10. Importantly the researchers that discovered the vulnerability (Oligo) proved the attack was …
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits **A serious security vulnerability in Anthropic's Model Context Protocol has been identified, potentially allowing remote code execution on developer machines.** **Key Points:** - Vulnerability CVE-2025-49596 carries a CVSS score of 9.4, indicating severe risk. - Default configurations expose the …