CVE-2025-13822
Authentication Bypass in MCPHub < 0.11.0 Allows Privilege Abuse
Publication date: 2026-04-14
Last updated on: 2026-05-01
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mcphubx | mcphub | to 0.11.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13822 is an authentication bypass vulnerability in MCPHub versions below 0.11.0.
The vulnerability exists because some endpoints in MCPHub are not protected by authentication middleware.
This allows an unauthenticated attacker to perform actions on behalf of other users and use their privileges.
It is classified under CWE-639: Authorization Bypass Through User-Controlled Key.
How can this vulnerability impact me? :
This vulnerability can allow an attacker who is not authenticated to perform actions as if they were other users.
Such unauthorized actions could lead to misuse of privileges, potentially compromising the integrity and security of the system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the authentication bypass vulnerability in MCPHub versions below 0.11.0, you should upgrade MCPHub to version 0.11.0 or later where the issue is fixed.
Additionally, ensure that all endpoints are properly protected by authentication middleware to prevent unauthenticated access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing whether certain MCPHub endpoints allow unauthenticated access and actions. Since the issue is an authentication bypass on some endpoints, you can attempt to access these endpoints without credentials and observe if actions can be performed.
A practical approach is to identify the endpoints exposed by MCPHub and try sending HTTP requests without authentication headers to see if you receive successful responses or can perform privileged actions.
Example commands using curl to test unauthenticated access might include:
- curl -i http://<mcphub-server>/api/endpoint -X GET
- curl -i http://<mcphub-server>/api/endpoint -X POST -d '{"action":"test"}' -H 'Content-Type: application/json'
Replace <mcphub-server> and /api/endpoint with actual server address and endpoint paths. If these requests succeed without authentication, it indicates the presence of the vulnerability.