MCP Inspector - Authentication Bypass (CVE-2025-49596)
MCP Inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to a lack of authentication between the Inspector client and the Inspector proxy, which allows unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address this vulnerability.
CrowdSec analysis
CVE-2025-49596 is a critical vulnerability in MCP Inspector versions prior to 0.14.1 that allows unauthenticated remote code execution due to missing authentication between the Inspector client and proxy. Attackers can exploit this flaw to send unauthorized requests and execute arbitrary MCP commands, potentially leading to full system compromise. Immediate upgrades to version 0.14.1 or later are strongly recommended to mitigate this severe risk.
CrowdSec has been tracking this vulnerability and its exploitation since 24 September 2025.
Based on data from the CrowdSec network, nearly all observed exploitation of CVE-2025-49596 is fully opportunistic, with attackers indiscriminately scanning the entire internet. These attacks are automated and show no sign of target selection or reconnaissance. According to the CrowdSec network, attack volume against CVE-2025-49596 has dipped slightly compared to the previous week. Although the vulnerability is still commonly targeted, the decline suggests a cooling-off period: it remains relevant in the long term, but attention is waning.
Attackers exploit unauthenticated access to the /sse endpoint, passing parameters such as transportType=stdio and command=echo, to make vulnerable MCP Inspector instances execute arbitrary MCP commands. These requests require no authentication and can be used to gain code execution on affected servers.
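The request pattern described above can be spotted in ordinary web server logs. The following detection routine is an added example, not code from CrowdSec or the MCP Inspector project; it assumes the Inspector proxy sits behind a reverse proxy that writes Apache/nginx "combined" format access logs, and the log lines below are constructed samples, not real traffic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined format); addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Sep/2025:10:01:02 +0000] "GET /sse?transportType=stdio&command=echo&args=probe HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [25/Sep/2025:10:01:05 +0000] "GET /sse?transportType=sse&url=http%3A%2F%2Flocalhost%3A3001%2Fsse HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [25/Sep/2025:10:01:09 +0000] "GET /sse?transportType=stdio&command=echo HTTP/1.1" 200 512 "-" "curl/8.4.0"
192.0.2.33 - - [25/Sep/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal combined-format parser: client IP, timestamp, method, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_stdio_launch(target: str) -> bool:
    """True if the request target asks the Inspector proxy to spawn a stdio MCP command.

    The telltale combination is the /sse path with transportType=stdio plus a command parameter;
    a transportType=sse request pointing at an existing server URL is normal Inspector usage.
    """
    parts = urlsplit(target)
    if parts.path.rstrip("/") != "/sse":
        return False
    qs = parse_qs(parts.query)
    return qs.get("transportType", [""])[0] == "stdio" and "command" in qs


def find_exploit_attempts(log_text: str) -> list[dict]:
    """Return one record per log line that matches the CVE-2025-49596 request pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_stdio_launch(m["target"]):
            continue
        qs = parse_qs(urlsplit(m["target"]).query)
        hits.append({"ip": m["ip"], "ts": m["ts"], "command": qs["command"][0], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_exploit_attempts(SAMPLE_LOG):
        print(hit)
```

A 200 status on a matching request indicates the proxy accepted the launch, which on a pre-0.14.1 instance means the command was actually spawned; on a patched instance the same requests should be rejected.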
Protection
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.