Description

The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue.

INFO

Published Date :

2025-09-08T21:24:58.821Z

Last Modified :

2025-09-09T13:31:04.737Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58444 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58444.

URL Resource
https://github.com/modelcontextprotocol/inspector/commit/650f3090d26344a672026b737d81586595bb1f60 cve-icon cve-icon
https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-g9hg-qhmf-q45m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability