CVE-2025-64443
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-64443, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-03

Last updated on: 2026-03-10

Assigner: GitHub, Inc.

Description

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-03
Last Modified
2026-03-10
Generated
2026-07-06
AI Q&A
2025-12-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
docker mcp_gateway to 0.28.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-749 The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a DNS rebinding issue in MCP Gateway versions 0.27.0 and earlier when running in sse or streaming transport mode. An attacker can exploit this by tricking a victim into visiting a malicious website or viewing a malicious advertisement, which then allows browser-based attacks on MCP servers behind the gateway. This can lead to manipulation of tools or features exposed by those MCP servers. The vulnerability does not affect MCP Gateway when running in the default stdio mode, which does not listen on network ports. The issue is fixed in version 0.28.0.

Impact Analysis

If exploited, this vulnerability can allow an attacker to manipulate MCP servers behind the gateway through the victim's browser. This could lead to unauthorized control or interference with the tools or features exposed by those MCP servers, potentially compromising the integrity and functionality of the affected systems.

Mitigation Strategies

To mitigate this vulnerability, upgrade MCP Gateway to version 0.28.0 or later. Additionally, avoid running MCP Gateway in sse or streaming transport mode, as the vulnerability does not affect the default stdio mode which does not listen on network ports.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64443. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart