
Cloud Vulnerability DB
A community-led vulnerabilities database
The MCP Inspector, a developer tool for testing and debugging MCP servers, contains a critical security vulnerability (CVE-2025-49596), disclosed on June 13, 2025. It affects all versions below 0.14.1 and stems from the absence of authentication between the Inspector client and its proxy, which allows unauthenticated requests to launch MCP commands over stdio (GitHub Advisory, NVD).
The vulnerability has been assigned a Critical severity rating with a CVSS v4.0 base score of 9.4. The technical assessment indicates that the vulnerability is network-based (AV:N) with low attack complexity (AC:L), requiring no attack requirements (AT:N) or privileges (PR:N), though it does need passive user interaction (UI:P). The impact metrics show high severity across all categories for both vulnerable and subsequent systems (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) (Wiz).
The vulnerability enables remote code execution through unauthorized MCP commands over stdio. This could lead to unauthorized access and execution of commands on affected systems, potentially compromising the security of MCP servers being tested or debugged. The vulnerability is particularly dangerous in developer environments where AI tools are often tested against real-world production data and integrated with broader systems (Security Online).
Users are strongly advised to upgrade immediately to MCP Inspector version 0.14.1 or later, which adds authentication between the Inspector client and proxy using a randomly generated session token. For those unable to upgrade immediately, it is recommended to ensure the proxy server binds only to localhost (127.0.0.1) and is not exposed to untrusted networks (GitHub Commit).
Source: This report was generated using AI