CVE-2025-11286 – This vulnerability allows remote attackers to p... (How to Fix)

Q: What is the severity of CVE-2025-11286?

CVE-2025-11286 has a CVSS score of 4.7 (MEDIUM). This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against samanhappy MCPHub installations up to version 0.9.10. By manipulating the baseUrl argument in the MCPRouter Service component, attackers can make the vulnerable server send requests to internal systems. This affects all users running vulnerable versions of MCPHub.

📋 TL;DR

This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against samanhappy MCPHub installations up to version 0.9.10. By manipulating the baseUrl argument in the MCPRouter Service component, attackers can make the vulnerable server send requests to internal systems. This affects all users running vulnerable versions of MCPHub.

💻 Affected Systems

Products:

samanhappy MCPHub

Versions: up to 0.9.10

Operating Systems: all

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the MCPRouter Service component in src/controllers/serverController.ts

📦 What is this software?

Mcphub by Mcphubx

View all CVEs affecting Mcphub →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal services, exfiltrate sensitive data, or pivot to other internal systems by exploiting the vulnerable server as a proxy.

🟠

Likely Case

Attackers scan for and exploit vulnerable instances to probe internal networks, potentially accessing metadata services or internal APIs.

🟢

If Mitigated

With proper network segmentation and input validation, impact is limited to the vulnerable server itself.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details publicly disclosed on GitHub; vendor unresponsive to disclosure

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: none

Restart Required: No

Instructions:

No official patch available. Consider upgrading if vendor releases fix, or implement workarounds.

🔧 Temporary Workarounds

Input Validation for baseUrl

all

Implement strict validation to only allow trusted URLs in the baseUrl parameter

Network Segmentation

all

Restrict outbound network access from the MCPHub server to only necessary destinations

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block SSRF patterns
Monitor for unusual outbound connections from the MCPHub server

🔍 How to Verify

Check if Vulnerable:

Check MCPHub version; if ≤0.9.10, assume vulnerable

Check Version:

Check package.json or application logs for version information

Verify Fix Applied:

Test if baseUrl parameter can trigger requests to internal IPs (e.g., 127.0.0.1, 169.254.169.254)

📡 Detection & Monitoring

Log Indicators:

Unusual outbound HTTP requests from MCPHub to internal IPs
baseUrl parameter containing internal addresses

Network Indicators:

MCPHub server making requests to metadata services (169.254.169.254) or internal endpoints

SIEM Query:

source_ip=MCPHub_server AND dest_ip IN (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.169.254)

📊 Metadata

CVE ID: CVE-2025-11286

CVSS v3 Score: 4.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-918

EPSS Score: 0.07% exploit probability (20.2th percentile)

Published: October 5, 2025

Last Updated: October 9, 2025

🔗 References

https://github.com/August829/YU1/issues/7 Exploit,Issue Tracking
https://vuldb.com/?ctiid.327044 Permissions Required,VDB Entry
https://vuldb.com/?id.327044 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.659744 Third Party Advisory,VDB Entry
https://github.com/August829/YU1/issues/7 Exploit,Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11286, you might also want to check these: