PT-2025-36513 · Unknown · Mcp Inspector
Gavin Zhong +2 · Published 2025-09-08 · Updated 2025-09-22 · CVE-2025-58444
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
MCP Inspector versions prior to 0.16.6
Description
The MCP Inspector, a developer tool for testing and debugging MCP servers, is susceptible to a cross-site scripting issue. This issue occurs when connecting to untrusted remote MCP servers with a malicious redirect URI. Exploitation of this issue could allow interaction with the inspector proxy, potentially triggering arbitrary command execution.
Recommendations
Update MCP Inspector to version 0.16.6.
Exploit · Fix · RCE · XSS · Code Injection
Affected Products
Mcp Inspector