exploitDog

CVE-2025-65513

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

Ссылки

https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-65513.md
Exploit
Third Party Advisory
https://thorn-pheasant-6d8.notion.site/fetch-mcp-2853daf7b44180029ca5d56e03195736
Exploit
Third Party Advisory
https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-65513.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zcaceres:fetch_mcp_server:*:*:*:*:*:*:*:*

Версия до 1.0.2 (включая)

EPSS

Процентиль: 13%

0.00043

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-8fxj-2g9q-8fjw

github

2 месяца назад

Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability

EPSS

Процентиль: 13%

0.00043

Низкий

7.5 High

CVSS3

Дефекты

CWE-918