200,000 MCP Servers Are Exposed. Here's Why Serverless Is Safer.
A critical vulnerability, CVE-2025-49596, has been discovered in the Model Context Protocol (MCP) that affects over 200,000 servers. The vulnerability, found in the STDIO transport, allows arbitrary code execution on developer machines through a browser visit without user interaction. OX Security disclosed that the popular MCP transport lacks authentication, and the official SDKs do not sanitize command fields, leading to the execution of malicious shell commands. To mitigate this risk, running MCP servers in serverless environments like AWS Lambda is recommended, as it eliminates persistent processes and provides built-in authentication mechanisms. AI
IMPACT Mitigates critical security risks for developers using the Model Context Protocol, encouraging safer infrastructure choices.
