Critical Vulnerability in Anthropic MCP Inspector Let Attackers Execute Arbitrary Code

This vulnerability is one of the first critical security flaws found in Anthropic’s Model Context Protocol (MCP) ecosystem, and it exposes AI developers and their organizations to browser-based attacks. The flaw affects all versions of MCP Inspector prior to 0.14.1 and lets an attacker execute arbitrary code on a developer’s machine simply by tricking the victim into visiting a malicious website. Because the triggering code can be embedded in web pages, blog posts, or other web content, the attack vector is particularly dangerous for developers who routinely browse technical content online.

When developers follow the standard quickstart documentation and run the mcp dev command, the tool launches with default settings that include no authentication between the browser client and the local proxy, leaving a significant attack surface. A malicious website can reach that unauthenticated local service by combining the 0.0.0.0-day browser flaw, which lets a web page address services listening on the visitor’s own machine, with cross-site request forgery (CSRF), and can thereby run code on the victim’s machine.

Major technology companies, including Microsoft and Google, which increasingly rely on MCP-related technologies for AI and cloud services, could be affected if they run vulnerable versions of the inspector tool. The fixed release (0.14.1) generates a unique session token by default and ships with improved security documentation.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Jul 2025 10:15:21 +0000


Cyber News related to Critical Vulnerability in Anthropic MCP Inspector Let Attackers Execute Arbitrary Code

Anthropic confirms it suffered a data leak - It's been an eventful week for AI startup Anthropic, creator of the Claude family of large language models and associated chatbots. The company says that on Monday, January 22nd, it became aware that a contractor inadvertently sent a file containing ...
1 year ago Venturebeat.com Inception
Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks - According to the JFrog security research team report, CVE-2025-6514 exploits the OAuth authorization flow in mcp-remote, a proxy tool that enables LLM hosts like Claude Desktop to communicate with remote MCP servers. The vulnerability affects ...
4 months ago Cybersecuritynews.com CVE-2025-6514
New Attack Techniques Using MCP & How It Will be Used to Build Security Tools - The security industry’s rapid response to MCP demonstrates the ongoing evolution of cybersecurity defenses, with researchers already incorporating elements of MCP’s evasion techniques into next-generation security tools that promise ...
6 months ago Cybersecuritynews.com
Anthropic’s MCP Server Vulnerability Let Attackers Escape Server’s Sandbox and Execute Arbitrary Code - Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems. When validation fails on the symlink target, the code ...
4 months ago Cybersecuritynews.com CVE-2025-53109
Threat Actors Can Weaponize MCP Servers - Threat actors have discovered new ways to exploit MCP (Master Control Program) servers, turning them into potent weapons for cyberattacks. MCP servers, critical in managing and controlling network operations, are increasingly targeted due to their ...
2 months ago Cybersecuritynews.com
Anthropic Pledges to Not Use Private Data to Train Its AI - Anthropic, a leading generative AI startup, has announced that it would not employ its clients' data to train its Large Language Model and will step in to safeguard clients facing copyright claims. Anthropic, which was established by former OpenAI ...
1 year ago Cysecurity.news
GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows - GitGuardian, the leader in automated secrets detection and remediation, today announced the launch of its Model Context Protocol (MCP) Server, a powerful new infrastructure designed to bring AI-assisted secrets security directly into developer ...
4 months ago Cybersecuritynews.com
Addressing Deceptive AI: OpenAI Rival Anthropic Uncovers Difficulties in Correction - There is a possibility that artificial intelligence models can be trained to deceive. According to a new research led by Google-backed AI startup Anthropic, if a model exhibits deceptive behaviour, standard techniques cannot remove the deception and ...
1 year ago Cysecurity.news
Anthropic releases Claude 3 Haiku, an AI model built for speed and affordability - Join leaders in Boston on March 27 for an exclusive night of networking, insights, and conversation. San Francisco-based startup Anthropic has just released Claude 3 Haiku, the newest addition to its Claude 3 family of AI models. Haiku stands out as ...
1 year ago Venturebeat.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media
CVE-2025-58444 - The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a ...
2 months ago
Malicious MCP Server Exfiltrates Secrets, BCC - A newly discovered malicious MCP (Managed Control Protocol) server has been found exfiltrating sensitive secrets and data, posing a significant threat to organizations relying on this protocol for secure communications. This attack vector exploits ...
1 month ago Darkreading.com
AI Explainer: What is Model Context Protocol? - The article "AI Explainer: What is Model Context Protocol?" published on Akamai's blog delves into the emerging concept of Model Context Protocol (MCP) in artificial intelligence. MCP is a framework designed to enhance AI models' understanding and ...
3 weeks ago Akamai.com
CVE-2023-7080 - The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to ...
1 year ago
Researcher Integrated Copilot with WinDbg to Analyze Windows Crash Dumps - Sven Scharmentke recently unveiled “mcp-windbg,” an open-source project that integrates GitHub Copilot with WinDbg through Anthropic’s Model Context Protocol (MCP), enabling developers to investigate system crashes using natural ...
6 months ago Cybersecuritynews.com
CVE-2025-53098 - Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of ...
5 months ago
ChatGPT and MCP Tools Pose Risks to Private Data: What You Need to Know - The rise of AI-powered tools like ChatGPT and MCP (Machine Code Processing) has brought significant advancements in automation and data processing. However, these technologies also introduce new risks to private data security. This article explores ...
2 months ago Cybersecuritynews.com
CVE-2025-58747 - Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth ...
1 month ago
CVE-2025-53818 - GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3.0 and 0.4.0 of the MCP Server are written in a way that is vulnerable to command ...
4 months ago
CVE-2025-6515 - The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate ...
1 month ago
CVE-2025-53100 - RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and ...
4 months ago