428 matches found
PT-2025-27630 · Anthropic · Slack Model Context Protocol (Mcp) Server
Name of the Vulnerable Software and Affected Versions: Anthropic’s Slack Model Context Protocol MCP Server affected versions not specified Description: A data exfiltration issue exists in the deprecated Slack Model Context Protocol MCP Server via automatic link unfurling. When an AI agent using t...
PT-2025-27616
Name of the Vulnerable Software and Affected Versions Model Context Protocol Servers Filesystem versions prior to 0.6.4 or 2025.7.01 Model Context Protocol Servers Filesystem versions prior to 0.6.3 or 2025.7.1 Description Model Context Protocol Servers is a collection of reference implementation...
CVE-2025-52573
iOS Simulator MCP Server ios-simulator-mcp is a Model Context Protocol MCP server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. T...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
CVE-2025-53098
Roo Code prior to version 3.20.3 stores the MCP configuration in .roo/mcp.json. The MCP config format allows executing arbitrary commands, enabling an attacker who can submit prompts (e.g., via prompt injection) and who has MCP enabled and auto-approve file writes turned on to inject a malicious ...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
Model Context Protocol (MCP) at First Glance: Studying the Security and Maintainability of MCP Servers
Although Foundation Models FMs, such as GPT-4, are increasingly used in domains like finance and software engineering, reliance on textual interfaces limits these models' real-world interaction. To address this, FM providers introduced tool calling-triggering a proliferation of frameworks with...
Personalized Constitutionally-Aligned Agentic Superego: Secure AI Behavior Aligned to Diverse Human Values
Agentic AI systems, possessing capabilities for autonomous planning and action, exhibit immense potential across diverse domains. However, their practical deployment is significantly hampered by challenges in aligning their behavior with varied human values, complex safety requirements, and...
This Week in Spring - June 10th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's been a busy week indeed since we last spoke! Last week I was in Amsterdam for the IntelliJ IDEA conference and for the JSpring event in Utrecht. Now, I'm in Tokyo, Japan, for the JJUG Spring 2025 event. Importantly: both...
Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response
Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...
Markdownify MCP Server 安全漏洞
Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server that stems from the Markdownify.get function that could lead to...
aws-mcp-server 操作系统命令注入漏洞
aws-mcp-server is a lightweight service by Alexei Ledenev Personal Developer that enables AI assistants to execute AWS CLI commands in a secure containerized environment via the Model Context Protocol MCP. A security vulnerability exists in aws-mcp-server that stems from command injection and cou...
MCP Guardian: a Security-First Layer for Safeguarding MCP-Based AI System
As Agentic AI gain mainstream adoption, the industry invests heavily in model capabilities, achieving rapid leaps in reasoning and quality. However, these systems remain largely confined to data silos, and each new integration requires custom logic that is difficult to scale. The Model Context...
MPMA: Preference Manipulation Attack against Model Context Protocol
Model Context Protocol MCP standardizes interface mapping for large language models LLMs to access external data and tools, which revolutionizes the paradigm of tool selection and facilitates the rapid expansion of the LLM agent tool ecosystem. However, as the MCP is increasingly adopted,...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274
CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...
PT-2025-20705 · Toolhive · Toolhive
Name of the Vulnerable Software and Affected Versions: ToolHive versions prior to 0.0.33 Description: The issue arises from the ordering of code used to start a Model Context Protocol MCP server container in ToolHive, inadvertently storing secrets in run config files. This allows an attacker with...
Dynamic Tool Updates in Spring AI's Model Context Protocol
The Model Context Protocol MCP is a powerful feature in Spring AI that enables AI models to access external tools and resources through a standardized interface. One interesting capabilities of MCP is its ability to dynamically update available tools at runtime. This blog post explores how Spring...