CVE Watchtower


← Back to CVE List

CVE-2025-49596NVD

Vulnerability Summary

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.
Severity Level
CRITICAL(9.4)
Published Date
Jun 13, 2025
Last Modified
Jul 9, 2025
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
Refer to the official MITRE database for detailed architectural specifications regarding this weakness.
CVSS v4.0 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone