CVE-2025-49596: MCP Inspector proxy server lacks authentication between the Inspector client and proxy
(updated )
Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.
Credit: Rémy Marot bughunters@tenable.com
References
- github.com/advisories/GHSA-7f8r-222p-6f5g
- github.com/modelcontextprotocol/inspector
- github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979
- github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g
- nvd.nist.gov/vuln/detail/CVE-2025-49596
- thenewstack.io/mcp-vulnerability-exposes-the-ai-untrusted-code-crisis
- www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
Code Behaviors & Features
Detect and mitigate CVE-2025-49596 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →