Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-53366

Good to know:

icon
icon

Date: July 4, 2025

The MCP Python SDK, called "mcp" on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue.

Severity Score

Related Resources (7)

https://github.com/modelcontextprotocol/python-sdk/commit/29c69e6a47d0104d0afcea6ac35e7ab02fde809a
https://github.com/modelcontextprotocol/python-sdk
https://github.com/modelcontextprotocol/python-sdk/pull/822
https://nvd.nist.gov/vuln/detail/CVE-2025-53366
https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-3qhf-m339-9g5v
https://github.com/modelcontextprotocol/python-sdk/releases/tag/v1.9.4
https://www.mend.io/vulnerability-database/CVE-2025-53366

Severity Score

Weakness Type (CWE)

Uncaught Exception

CWE-248

Top Fix

icon

Upgrade Version

Upgrade to version mcp - 1.9.4;mcp - 1.9.4;https://github.com/modelcontextprotocol/python-sdk.git - v1.9.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us