PT-2025-28026 · Unknown · Mcp Python Sdk
Published 2025-07-04 · Updated 2026-01-22 · CVE-2025-53365
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
MCP Python SDK versions prior to 1.10.0
Description:
After establishing a streamable HTTP session, a client can deliberately trigger an exception that surfaces on the server side as an uncaught ClosedResourceError. Because nothing handles the exception, the server crashes and must be restarted to restore service: an unauthenticated, network-reachable denial of service, which the CVSS vector records as a high availability impact with no confidentiality or integrity impact. The practical impact depends on the deployment, for instance whether the streamable HTTP endpoint is reachable by untrusted clients and whether a supervisor restarts the process automatically after a crash.
Recommendations:
For versions prior to 1.10.0, update to version 1.10.0, which resolves the issue. Where the update cannot be applied immediately: handle ClosedResourceError inside the per-session request handler so that one client aborting its session cannot take down the whole server process; rate-limit the creation of streamable HTTP sessions; run the server under a supervisor that restarts it on crash, so that a successful attack causes a brief interruption rather than a persistent outage; and restrict network access to the server's streamable HTTP endpoint to trusted clients until the update is applied, to minimize the risk of exploitation.
Affected Products
Mcp Python Sdk