Description

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).

INFO

Published Date :

2025-05-12T14:57:46.781Z

Last Modified :

2025-05-12T22:06:42.029Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47274 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47274.

URL Resource
https://github.com/stacklok/toolhive/commit/e8efa1b1d7b0776a39339257d30bf6c4a171f2b8 cve-icon cve-icon
https://github.com/stacklok/toolhive/releases/tag/v0.0.33 cve-icon cve-icon
https://github.com/stacklok/toolhive/security/advisories/GHSA-xj5p-w2v5-fjm6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability