CVE-2025-49596 — MCP Inspector proxy server lacks authentication between the Inspector client and

Description

Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. Credit: Rémy Marot <[email protected]>

How to fix CVE-2025-49596

To remediate CVE-2025-49596, upgrade the affected package to a fixed version below.

npm/@modelcontextprotocol/inspector—upgrade to 0.14.1 or later

Is CVE-2025-49596 being exploited?

Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 0.14.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-49596
PATCHgithub.com/modelcontextprotocol/inspector
WEBgithub.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979
WEBgithub.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g