CVE-2025-53365
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the MCP Python SDK (mcp) before version 1.10.0. If a client deliberately triggers an exception after establishing a streamable HTTP session, it can cause an uncaught ClosedResourceError on the server side. This error causes the server to crash and requires a restart to restore service.
How can this vulnerability impact me? :
The vulnerability can cause the server running the MCP Python SDK to crash unexpectedly when a client triggers an exception after starting a streamable HTTP session. This results in service disruption until the server is restarted. The impact depends on deployment conditions and whether infrastructure-level resilience measures are in place.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the MCP Python SDK to version 1.10.0 or later, as this version contains a patch that fixes the vulnerability causing the server crash.