CVE-2025-66414
📋 TL;DR
This vulnerability allows malicious websites to bypass same-origin policy restrictions via DNS rebinding attacks against local HTTP-based MCP servers running without authentication. It affects users running MCP TypeScript SDK HTTP servers locally without DNS rebinding protection enabled. Attackers could invoke tools or access resources exposed by the vulnerable MCP server.
💻 Affected Systems
- MCP TypeScript SDK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary tools or access sensitive resources exposed by the MCP server, potentially leading to data theft, system compromise, or unauthorized actions on the local system.
Likely Case
Limited access to specific tools or resources exposed by the MCP server, depending on what the server makes available to clients.
If Mitigated
No impact if servers use stdio transport, have authentication enabled, or run with DNS rebinding protection enabled.
🎯 Exploit Status
Exploitation requires a malicious website that can perform DNS rebinding attacks and a user visiting that site while running a vulnerable local MCP server.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.24.0
Vendor Advisory: https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-w48q-cv73-mx4w
Restart Required: Yes
Instructions:
1. Update MCP TypeScript SDK to version 1.24.0 or later using npm: npm update @modelcontextprotocol/sdk
2. Restart any running MCP servers to apply the fix.
🔧 Temporary Workarounds
Enable DNS rebinding protection
(all platforms) Manually enable DNS rebinding protection on HTTP-based MCP servers
Set enableDnsRebindingProtection: true in server configuration
Use authentication
(all platforms) Enable authentication on HTTP-based MCP servers as recommended by MCP security best practices
Configure authentication according to MCP documentation
Use stdio transport
(all platforms) Switch from HTTP-based transport to stdio transport, which is not affected
Change transport configuration to use stdio instead of HTTP
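The kind of check DNS rebinding protection relies on, as an added example (not the SDK's own code and not taken from the advisory): an exact allowlist match on the Host and Origin headers, which still carry the attacker's domain after the name has been rebound to 127.0.0.1. The port 3000, the names checkRebinding, guard and runSamples, and the sample headers are assumptions constructed for illustration.

```javascript
// Added illustration: Host/Origin allowlist check for a local HTTP server.
// Port, function names and sample requests are constructed, not from the SDK.
const MCP_PORT = 3000; // assumed local MCP server port
const ALLOWED_HOSTS = new Set([`127.0.0.1:${MCP_PORT}`, `localhost:${MCP_PORT}`, `[::1]:${MCP_PORT}`]);
const ALLOWED_ORIGINS = new Set([...ALLOWED_HOSTS].map((h) => `http://${h}`));

// Returns { ok, status, reason } for a header map with lower-cased keys,
// which is how Node's http module exposes req.headers.
function checkRebinding(headers) {
  const host = String(headers.host || "").trim().toLowerCase();
  // After rebinding, the socket reaches 127.0.0.1 but the browser still sends
  // the attacker-controlled name in Host, so an exact match rejects it.
  if (!ALLOWED_HOSTS.has(host)) {
    return { ok: false, status: 403, reason: `host not allowed: ${host || "(missing)"}` };
  }
  // Origin is absent on non-browser clients; when present it must be local too.
  const origin = headers.origin;
  if (origin !== undefined && !ALLOWED_ORIGINS.has(String(origin).toLowerCase())) {
    return { ok: false, status: 403, reason: `origin not allowed: ${origin}` };
  }
  return { ok: true, status: 200, reason: "local request" };
}

// Wrap a Node http request handler so rejected requests never reach the tools.
function guard(handler) {
  return (req, res) => {
    const verdict = checkRebinding(req.headers);
    if (!verdict.ok) {
      res.writeHead(verdict.status, { "Content-Type": "text/plain" });
      res.end("Forbidden");
      return;
    }
    handler(req, res);
  };
}

// Constructed sample requests (header maps only).
const SAMPLES = [
  { name: "local client", headers: { host: "127.0.0.1:3000" } },
  { name: "rebinding page", headers: { host: "rebind.example:3000", origin: "http://rebind.example:3000" } },
  { name: "cross-origin page", headers: { host: "localhost:3000", origin: "https://site.example" } },
  { name: "wrong port", headers: { host: "localhost:8080" } },
];

function runSamples() {
  return SAMPLES.map((s) => ({ name: s.name, ...checkRebinding(s.headers) }));
}
```

A missing or unrecognized Host header fails closed with 403, so the check also rejects requests that omit the header.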
🧯 If You Can't Patch
- Enable DNS rebinding protection on all HTTP-based MCP servers
- Implement authentication on all HTTP-based MCP servers
- Consider using stdio transport instead of HTTP transport
🔍 How to Verify
Check if Vulnerable:
Check if using MCP TypeScript SDK version <1.24.0 and running HTTP-based servers without enableDnsRebindingProtection enabled
Check Version:
npm list @modelcontextprotocol/sdk
Verify Fix Applied:
Verify MCP TypeScript SDK version is 1.24.0 or higher and DNS rebinding protection is enabled by default
📡 Detection & Monitoring
Log Indicators:
- Unexpected requests to local MCP servers from external sources
- DNS rebinding attempts in network logs
Network Indicators:
- DNS queries with short TTL followed by HTTP requests to localhost
- Cross-origin requests to local MCP server ports
SIEM Query:
source_ip=external AND dest_ip=127.0.0.1 AND dest_port=(MCP_server_port) AND protocol=HTTP