ghsa-6q9c-m9fr-865m
Vulnerability from github
Published
2025-09-29 16:28
Modified
2025-09-30 15:15
Severity ?
Summary
vet MCP Server SSE Transport DNS Rebinding Vulnerability
Details
SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation.
To exploit this vulnerability following conditions must be met:
- A
vetscan is executed and reports are saved assqlite3database - A
vetMCP server is running on default port with SSE transport that has access to the report database - The attacker lures the victim to attacker controlled website
- Attacker leverages DNS rebinding to access
vetSSE server on127.0.0.1through the website - Attacker uses MCP tools to read information from report database
Impact
Data from vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.
Patches
v1.12.5is released that patches the issue withHostandOriginheader allow list and validation
Workarounds
- Use
stdio(default) transport for SSE server
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/safedep/vet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59163"
],
"database_specific": {
"cwe_ids": [
"CWE-350"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-29T16:28:49Z",
"nvd_published_at": "2025-09-29T22:15:36Z",
"severity": "LOW"
},
"details": "SafeDep `vet` is vulnerable to a DNS rebinding attack due to lack of HTTP `Host` and `Origin` header validation. \n\nTo exploit this vulnerability following conditions must be met:\n\n1. A `vet` scan is executed and reports are saved as `sqlite3` database\n2. A `vet` MCP server is running on default port with SSE transport that has access to the report database\n3. The attacker lures the victim to attacker controlled website\n4. Attacker leverages DNS rebinding to access `vet` SSE server on `127.0.0.1` through the website\n5. Attacker uses MCP tools to read information from report database\n\n### Impact\n\nData from `vet` scan sqlite3 database may be exposed to remote attackers when `vet` is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.\n\n### Patches\n\n* `v1.12.5` is released that patches the issue with `Host` and `Origin` header allow list and validation\n\n### Workarounds\n\n* Use `stdio` (default) transport for SSE server",
"id": "GHSA-6q9c-m9fr-865m",
"modified": "2025-09-30T15:15:06Z",
"published": "2025-09-29T16:28:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/safedep/vet/security/advisories/GHSA-6q9c-m9fr-865m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59163"
},
{
"type": "WEB",
"url": "https://github.com/safedep/vet/commit/0ae3560ba11846375812377299fe078d45cc3d48"
},
{
"type": "PACKAGE",
"url": "https://github.com/safedep/vet"
},
{
"type": "WEB",
"url": "https://github.com/safedep/vet/releases/tag/v1.12.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "vet MCP Server SSE Transport DNS Rebinding Vulnerability"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.