Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)
A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by AI developers for debugging Model Context Protocol (MCP) servers. Tracked as CVE-2025-49596, the vulnerability has a CVSS score of 9.4. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Model Context Protocol (MCP) Inspector is a visual testing and debugging tool for MCP servers. It provides an interactive interface for developers to test and debug MCP servers, which are systems that allow AI models to connect with external tools and data.
Vulnerability Details
MCP Inspector consists of two main components working together:
- MCP Inspector Client (MCPI): A React-based web UI that provides an interactive interface for testing and debugging MCP servers.
- MCP Proxy (MCPP): A Node.js server acting as a protocol bridge, connecting the web UI to MCP servers via stdio, Server-Sent Events, or HTTP.
The vulnerability originates from the lack of authentication between the Inspector client and the proxy, which allows unauthenticated requests to launch MCP commands over stdio. An attacker who can reach the proxy from the local network or the public internet can interact with it and exploit the flaw.
The attacker may chain a known vulnerability affecting modern web browsers, named 0.0.0.0 Day, with a cross-site request forgery (CSRF) vulnerability in Inspector to run arbitrary code on the host when a user simply visits a malicious website.
Affected Versions
The vulnerability affects MCP Inspector versions prior to 0.14.1.
Mitigation
Users must upgrade to MCP Inspector version 0.14.1 or later to patch the vulnerability.
Please refer to the GitHub Security Advisory for more information.
Qualys Detection
Qualys customers can scan their devices with QID 732720 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g
https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596