
We found results for “”
CVE-2025-58444
Good to know:


Date: September 8, 2025
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version @modelcontextprotocol/inspector - 0.16.6;https://github.com/modelcontextprotocol/inspector.git - 0.16.6
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |