Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Cybersecurity experts have identified a critical vulnerability (CVE-2025-49596) in Anthropic’s MCP Inspector that could allow remote code execution and full system access. This flaw, combined with browser exploits, poses serious risks for AI development and enterprise operations relying on MCP protocols.

Key points

  • The vulnerability CVE-2025-49596 affects versions of Anthropic’s MCP Inspector below 0.14.1.
  • Attackers can exploit this vulnerability via malicious websites utilizing the 0.0.0.0 Day browser flaw and CSRF techniques.
  • Default configurations of the MCP Inspector lack authentication and encryption, which enlarges the attack surface.
  • Successful exploitation could enable attackers to steal data, install backdoors, and move laterally within networks.
  • The vulnerability was addressed in June 2025 with an update that added session tokens and origin validation to improve security.
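
The two controls named in the fix, origin validation and a session token, can be sketched as a single request gate for a localhost-only developer tool. This is an added example, not the MCP Inspector's own code: the function names, the port, the header layout and the token value are all assumptions made for illustration.

```javascript
// Added example with hypothetical names; not the MCP Inspector's own code.
// The port and the token are constructed sample values.
const exampleConfig = {
  allowedHosts: new Set(["localhost:8080", "127.0.0.1:8080"]),
  allowedOrigins: new Set(["http://localhost:8080", "http://127.0.0.1:8080"]),
  // A real server would generate this with a CSPRNG at each startup.
  sessionToken: "constructed-sample-token-0123456789abcdef",
};

// Comparison that does not stop at the first differing character.
// Node's crypto.timingSafeEqual is the production choice; this loop
// keeps the example free of imports.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// headers: lower-cased header names, as Node's http module provides them.
function authorize(headers, cfg) {
  // 1. Host check: a request aimed at 0.0.0.0 or a rebinding domain
  //    carries that name in Host, so it never matches the allowlist.
  if (!cfg.allowedHosts.has(headers.host || "")) {
    return { status: 403, reason: "host not allowed" };
  }
  // 2. Origin check: browsers attach Origin to cross-site requests.
  //    Non-browser clients omit it and are judged on the token alone.
  if (headers.origin !== undefined && !cfg.allowedOrigins.has(headers.origin)) {
    return { status: 403, reason: "origin not allowed" };
  }
  // 3. Session token: a cross-site page cannot read it, so a forged
  //    request cannot carry it.
  const match = /^Bearer (.+)$/.exec(headers.authorization || "");
  if (!match || !constantTimeEqual(match[1], cfg.sessionToken)) {
    return { status: 401, reason: "missing or invalid session token" };
  }
  return { status: 200, reason: "ok" };
}
```

The checks are layered on purpose: the token alone stops a forged request, while the Host and Origin allowlists reject cross-site traffic before the token is even examined.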

Read More: https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.html