A critical vulnerability, CVE-2025-49596, has been discovered in the Model Context Protocol (MCP) that affects over 200,000 servers. The vulnerability, found in the STDIO transport, allows arbitrary code execution on developer machines through a browser visit without user interaction. OX Security disclosed that the popular MCP transport lacks authentication, and the official SDKs do not sanitize command fields, leading to the execution of malicious shell commands. To mitigate this risk, running MCP servers in serverless environments like AWS Lambda is recommended, as it eliminates persistent processes and provides built-in authentication mechanisms.
AI impact: Mitigates critical security risks for developers using the Model Context Protocol, encouraging safer infrastructure choices.
Ranking rationale: The article discusses a security vulnerability in a specific protocol and offers a solution using serverless infrastructure, fitting the 'tool' category for security advisories and infrastructure recommendations.
AI-generated summary · Google Gemini · from 1 source.