CVE-2025-66454

6.5 MEDIUM

📋 TL;DR

Arcade MCP versions before 1.5.4 use a hardcoded default worker secret ('dev') that is never validated during server startup. This allows unauthenticated attackers who know this default key to forge valid JWTs and completely bypass FastAPI authentication, granting remote access to all worker endpoints including tool enumeration and invocation. All deployments using vulnerable versions are affected.

💻 Affected Systems

Products:
  • Arcade MCP
Versions: All versions prior to 1.5.4
Operating Systems: All platforms running Arcade MCP
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable as the hardcoded secret is used by default without validation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Arcade MCP server allowing attackers to execute arbitrary tools, potentially leading to data exfiltration, system takeover, or lateral movement within the network.

🟠 Likely Case

Unauthorized access to worker endpoints enabling attackers to enumerate available tools and execute them with the same privileges as the server process.

🟢 If Mitigated

Limited impact if server is isolated in a segmented network with strict egress filtering, though authentication bypass remains.

🌐 Internet-Facing: HIGH - Any internet-exposed vulnerable server can be exploited by unauthenticated attackers with minimal effort.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems can exploit this, but requires network access to the server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the default secret ('dev') and ability to craft JWTs, which is trivial for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.4

Vendor Advisory: https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438

Restart Required: Yes

Instructions:

  1. Update Arcade MCP to version 1.5.4 or later using pip: 'pip install --upgrade "arcade-mcp>=1.5.4"' (the requirement is quoted so the shell does not treat '>' as an output redirection)
  2. Restart the Arcade MCP server
  3. Verify the update was successful

🔧 Temporary Workarounds

Set custom worker secret

all

Override the default hardcoded secret with a custom strong secret during server startup

export WORKER_SECRET='your_strong_random_secret_here'
arcade-mcp start --worker-secret "$WORKER_SECRET"

Network isolation

linux

Restrict network access to the Arcade MCP server using firewall rules

# Example iptables rule:
iptables -A INPUT -p tcp --dport <arcade-port> -s <trusted-ip> -j ACCEPT
# Block all other access:
iptables -A INPUT -p tcp --dport <arcade-port> -j DROP

🧯 If You Can't Patch

  • Immediately change the worker secret to a strong, random value and ensure it's properly validated
  • Implement network segmentation to restrict access to only trusted IP addresses and monitor for unauthorized access attempts
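
One way to make sure the replacement secret is "properly validated" before the server starts, shown as an added example (not code from Arcade MCP or the advisory). It assumes the secret is read from the WORKER_SECRET variable used in the workaround above; the function names, the extra placeholder values and the length and entropy thresholds are hypothetical choices.

```python
import math
import os
import secrets
from collections import Counter

# Values to refuse outright. 'dev' is the default named in the advisory; the
# others are constructed examples of common placeholders (assumptions).
KNOWN_DEFAULTS = {"dev", "secret", "changeme", "your_strong_random_secret_here"}
MIN_LENGTH = 32          # assumption: minimum length for an HMAC signing key
MIN_ENTROPY_BITS = 128   # assumption: floor for the estimated entropy


def estimated_entropy_bits(value: str) -> float:
    """Per-character Shannon entropy times length. A rough heuristic that
    catches repeated or low-variety strings, not every weak key."""
    counts = Counter(value)
    per_char = -sum((n / len(value)) * math.log2(n / len(value)) for n in counts.values())
    return per_char * len(value)


def check_worker_secret(value):
    """Return a list of problems; an empty list means the secret is acceptable."""
    if not value:
        return ["worker secret is unset or empty"]
    problems = []
    if value.strip().lower() in KNOWN_DEFAULTS:
        problems.append("worker secret is a known default or placeholder")
    if len(value) < MIN_LENGTH:
        problems.append(f"worker secret is shorter than {MIN_LENGTH} characters")
    if estimated_entropy_bits(value) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy is below {MIN_ENTROPY_BITS} bits")
    return problems


def require_worker_secret(env=os.environ):
    """Fail closed: raise before the server begins serving if the secret is weak."""
    problems = check_worker_secret(env.get("WORKER_SECRET"))
    if problems:
        raise RuntimeError("refusing to start: " + "; ".join(problems))
    return env["WORKER_SECRET"]


def generate_worker_secret() -> str:
    """43-character URL-safe string built from 32 bytes of CSPRNG output."""
    return secrets.token_urlsafe(32)
```

Call require_worker_secret() in the deployment's startup wrapper so a missing or default value stops the process instead of silently falling back.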

🔍 How to Verify

Check if Vulnerable:

Check if Arcade MCP version is below 1.5.4 by running: 'arcade-mcp --version' or 'pip show arcade-mcp'

Check Version:

arcade-mcp --version || pip show arcade-mcp | grep Version

Verify Fix Applied:

Verify version is 1.5.4 or higher and test authentication by attempting to access endpoints without proper credentials

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with default 'dev' secret
  • Unauthorized access to worker endpoints
  • Unusual tool invocation patterns

Network Indicators:

  • HTTP requests to worker endpoints without proper authentication headers
  • Traffic from unexpected sources to Arcade MCP ports

SIEM Query:

source="arcade-mcp" AND (event="authentication_failure" OR event="unauthorized_access")
