MCP Inspector - Authentication Bypass (CVE-2025-49596)

CVE-2025-49596 is a critical vulnerability in MCP Inspector versions prior to 0.14.1 that allows unauthenticated remote code execution due to missing authentication between the Inspector client and proxy. Attackers can exploit this flaw to send unauthorized requests and execute arbitrary MCP commands, potentially leading to full system compromise. Immediate upgrades to version 0.14.1 or later are strongly recommended to mitigate this severe risk.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

Based on data from the CrowdSec network, nearly all observed exploitation of CVE-2025-49596 is fully opportunistic, with attackers indiscriminately scanning the entire internet. These attacks are automated and lack any form of target selection or reconnaissance. CrowdSec data also reveals a clear uptick in attacks involving CVE-2025-49596 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit unauthenticated access to the /sse endpoint with parameters like transportType=stdio and command=echo to remotely execute arbitrary MCP commands on vulnerable MCP Inspector instances. These requests do not require authentication and can be used to gain code execution on affected servers.