CVE-2025-58444: MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server

September 8, 2025

An XSS issue was reported in the MCP Inspector local development tool when connecting to an untrusted remote MCP server with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue.

Thank you to the following researchers for their reports and contributions:

Raymond (Veria Labs)
Gavin Zhong, superboyzjc@gmail.com & Shuyang Wang, swang@obsidiansecurity.com.

References

github.com/advisories/GHSA-g9hg-qhmf-q45m
github.com/modelcontextprotocol/inspector
github.com/modelcontextprotocol/inspector/commit/650f3090d26344a672026b737d81586595bb1f60
github.com/modelcontextprotocol/inspector/security/advisories/GHSA-g9hg-qhmf-q45m
nvd.nist.gov/vuln/detail/CVE-2025-58444

Code Behaviors & Features

Detect and mitigate CVE-2025-58444 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →