CVE-2025-13822
Received Received - Intake

Authentication Bypass in MCPHub < 0.11.0 Allows Privilege Abuse

Vulnerability report for CVE-2025-13822, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-14

Last updated on: 2026-05-01

Assigner: CERT.PL

Description

MCPHub in versions belowΒ 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-14
Last Modified
2026-05-01
Generated
2026-07-06
AI Q&A
2026-04-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mcphubx mcphub to 0.11.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-13822 is an authentication bypass vulnerability in MCPHub versions below 0.11.0.

The vulnerability exists because some endpoints in MCPHub are not protected by authentication middleware.

This allows an unauthenticated attacker to perform actions on behalf of other users and use their privileges.

It is classified under CWE-639: Authorization Bypass Through User-Controlled Key.

Impact Analysis

This vulnerability can allow an attacker who is not authenticated to perform actions as if they were other users.

Such unauthorized actions could lead to misuse of privileges, potentially compromising the integrity and security of the system.

Mitigation Strategies

To mitigate the authentication bypass vulnerability in MCPHub versions below 0.11.0, you should upgrade MCPHub to version 0.11.0 or later where the issue is fixed.

Additionally, ensure that all endpoints are properly protected by authentication middleware to prevent unauthenticated access.

Detection Guidance

This vulnerability can be detected by testing whether certain MCPHub endpoints allow unauthenticated access and actions. Since the issue is an authentication bypass on some endpoints, you can attempt to access these endpoints without credentials and observe if actions can be performed.

A practical approach is to identify the endpoints exposed by MCPHub and try sending HTTP requests without authentication headers to see if you receive successful responses or can perform privileged actions.

Example commands using curl to test unauthenticated access might include:

  • curl -i http://<mcphub-server>/api/endpoint -X GET
  • curl -i http://<mcphub-server>/api/endpoint -X POST -d '{"action":"test"}' -H 'Content-Type: application/json'

Replace <mcphub-server> and /api/endpoint with actual server address and endpoint paths. If these requests succeed without authentication, it indicates the presence of the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13822. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart