Description

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.

INFO

Published Date :

2025-06-13T20:11:40.453Z

Last Modified :

2025-07-09T20:19:02.667Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49596 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49596.

URL Resource
https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979 cve-icon cve-icon
https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g cve-icon cve-icon
https://thenewstack.io/mcp-vulnerability-exposes-the-ai-untrusted-code-crisis cve-icon cve-icon
https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability