CVE-2025-53366
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the MCP Python SDK (mcp) prior to version 1.9.4, where a validation error when processing malformed requests can cause an unhandled exception. This leads to service unavailability, resulting in 500 errors until the service is manually restarted.
How can this vulnerability impact me? :
The vulnerability can cause the MCP SDK service to become unavailable due to unhandled exceptions triggered by malformed requests. This results in 500 errors and requires manual intervention to restart the service, potentially disrupting normal operations depending on deployment and infrastructure resilience.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the MCP Python SDK to version 1.9.4 or later, which contains a patch for the validation error causing unhandled exceptions and service unavailability. Additionally, consider implementing infrastructure-level resilience measures to reduce impact until the upgrade can be applied.