CVE-2025-58444: 
JavaScript vulnerability analysis and mitigation

The MCP inspector, a developer tool for testing and debugging MCP servers, contains a cross-site scripting (XSS) vulnerability in versions prior to 0.16.6. The vulnerability is tracked as CVE-2025-58444 and was disclosed on September 8, 2025. The issue occurs when connecting to untrusted remote MCP servers with a malicious redirect URI (GitHub Advisory).

The vulnerability stems from improper neutralization of encoded URI schemes in web pages (CWE-84). When connecting to untrusted remote MCP servers, the application fails to properly validate redirect URIs, allowing attackers to inject malicious JavaScript code. The vulnerability has received a CVSS v4.0 base score of 8.6 (High) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (NVD).

If exploited, this vulnerability could allow attackers to interact directly with the inspector proxy and trigger arbitrary command execution. The high CVSS score reflects significant impacts to confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory).

Users are advised to update to version 0.16.6 which includes fixes for the vulnerability. The patch implements proper validation for OAuth redirect URLs and adds comprehensive security checks to prevent malicious URI schemes (GitHub Commit).

The vulnerability was responsibly disclosed with credit given to multiple security researchers: Raymond from Veria Labs, and Gavin Zhong and Shuyang Wang from Obsidian Security (GitHub Advisory).