Critical RCE Flaw Found in Anthropic MCP Inspector, CVE-2025-49596

Researchers found a major security flaw in Anthropic's Model Context Protocol (MCP) Inspector tool that could enable remote code execution.

  • The vulnerability, tracked as CVE-2025-49596, has a critical CVSS score of 9.4 out of 10.
  • Attackers could exploit the flaw by chaining browser and protocol weaknesses to execute commands on a victim’s device.
  • Anthropic released a fix in version 0.14.1 of MCP Inspector, which now requires authentication and checks request origins.
  • The flaw highlighted risks for developers and organizations using MCP tools without secure configurations.

Cybersecurity researchers have identified a major vulnerability in Anthropic‘s Model Context Protocol (MCP) Inspector developer tool, which could allow attackers to take control of affected computers through remote code execution. The issue, disclosed in June 2025, impacts tools used to integrate Artificial Intelligence applications with outside data sources.

- Advertisement -

The flaw, designated as CVE-2025-49596, received a rating of 9.4 out of 10 for severity. According to Oligo Security’s Avi Lumelsky, “With code execution on a developer’s machine, attackers can steal data, install backdoors, and move laterally across networks – highlighting serious risks for AI teams, open-source projects, and enterprise adopters relying on MCP.”

Anthropic launched MCP in November 2024 as an open standard for large language model (LLM) applications to access and exchange data with external resources. The MCP Inspector tool, affected by the vulnerability, helps developers test and debug these connections using a client interface and a proxy server.

The primary security risk occurred because earlier versions of MCP Inspector did not require authentication or use encryption for local connections. This left systems open to attack if the MCP server was accessible to public or local networks. Attackers could combine a known browser flaw, called “0.0.0.0 Day,” with a cross-site request forgery (CSRF) vulnerability to execute malicious commands as soon as a developer visited a harmful website.

Researchers demonstrated that the proxy server’s default settings could listen on all IP addresses—including internal addresses—making them reachable from malicious web pages. The attack could also utilize DNS rebinding, tricking the browser into recognizing an attacker’s address as trusted.

Following notification of the issue in April, Anthropic released version 0.14.1 of the MCP Inspector on June 13. The update adds mandatory session tokens for the proxy server and checks the source of incoming requests, blocking CSRF and DNS rebinding attack methods. According to project maintainers, “The mitigation adds Authorization which was missing in the default prior to the fix, as well as verifying the Host and Origin headers in HTTP, making sure the client is really visiting from a known, trusted domain.”

Developers and organizations using older versions of MCP Inspector are advised to update immediately and review their network configurations to avoid exposing the MCP server to untrusted networks.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Bangladesh Joins China-Pakistan CPEC, Boosts De-Dollarization Push

China, Pakistan, and Bangladesh have launched a trilateral partnership to expand the China-Pakistan Economic...

XRP Jumps 3.5% as Bullish Options Surge, ETF Hopes Hit 95%

XRP price increased over 3.5% in the last 24 hours, with rising bullish activity...

Nexo Partners with DP World Tour in Historic Golf Deal

Nexo becomes the first digital assets company to partner with a major global golf...

Vitalik Buterin Donated and Burned 460T Shiba Inu Tokens in 2021

Shiba Inu launched on August 1, 2020, with half its total supply sent to...

OpenAI Disavows Robinhood’s Tokenized Stock Giveaway as “Fake”

Robinhood introduced tokenized stocks tied to OpenAI and SpaceX for its European users. OpenAI stated...

Must Read

This is How to Buy and Sell Bitcoin

Now more than ever, there are a variety of ways to enter and exit the crypto market. While this is good, the availability of...