CVE-2025-58444
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-09-09

Assigner: GitHub, Inc.

Description
The MCP Inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue.
Meta Information
Published: 2025-09-08
Last Modified: 2025-09-09
Generated: 2026-06-16
AI Q&A: 2025-09-09
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
modelcontextprotocol | inspector | *
CWE ID | Description
CWE-84 | The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.
Executive Summary

This vulnerability is a cross-site scripting (XSS) issue in the MCP Inspector local development tool versions prior to 0.16.6. It occurs when connecting to untrusted remote MCP servers that use a malicious redirect URI. Exploiting this vulnerability allows an attacker to interact directly with the inspector proxy and trigger arbitrary command execution.

Impact Analysis

The vulnerability can lead to arbitrary command execution on the system running the MCP Inspector tool. This means an attacker could potentially execute malicious commands, compromising the security and integrity of the affected system.

Mitigation Strategies

Users are advised to update the MCP Inspector local development tool to version 0.16.6 or later to resolve this issue.
