{"vulnerability": "cve-2025-49596", "sightings": [{"uuid": "8c2cb329-7b7e-449e-9eec-4420cf96a8f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3lswxf3wi6t2s", "content": "", "creation_timestamp": "2025-07-02T00:28:14.929877Z"}, {"uuid": "3feae0dc-33a7-4344-aa72-72e73a19999d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3lswyu4pt4t23", "content": "", "creation_timestamp": "2025-07-02T00:54:32.298842Z"}, {"uuid": "0ec708a9-f6e9-4bc8-99f9-7ec056f0426f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.html", "content": "", "creation_timestamp": "2025-07-01T16:03:00.000000Z"}, {"uuid": "fed6ad74-aad7-4aba-aebd-05b369564f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e3916d62-a1d16dfcef6f8287", "content": "", "creation_timestamp": "2025-07-07T19:27:14.617843Z"}, {"uuid": "de2ce4a4-8316-4967-86ee-6b19066b937d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/innovatopia.bsky.social/post/3lsxu6h4v5k2v", "content": "", "creation_timestamp": "2025-07-02T09:03:34.417796Z"}, {"uuid": "3fe192b3-9604-4607-a44b-d71a33126636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-49596", "type": "seen", "source": "https://bsky.app/profile/mattreduce.com/post/3ltkhceqxhc24", "content": "", "creation_timestamp": "2025-07-09T18:33:39.794865Z"}, {"uuid": "db7f6d94-a55d-4646-9c5b-fa0a7a6240fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrrdo2ts332n", "content": "", "creation_timestamp": "2025-06-17T01:26:51.169632Z"}, {"uuid": "94e165de-4614-4c6e-be97-ce08797ccd91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/matricedigitale.bsky.social/post/3lsydsli2li2x", "content": "", "creation_timestamp": "2025-07-02T13:43:13.143899Z"}, {"uuid": "0674fe03-b1d7-455c-ae7b-9af63c194000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/114825404956929995", "content": "", "creation_timestamp": "2025-07-09T21:30:33.653578Z"}, {"uuid": "58c94d16-a65f-44b3-9d49-d9cf7ff893fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lsuu5itenq2k", "content": "", "creation_timestamp": "2025-07-01T04:24:58.933184Z"}, {"uuid": "41753d1f-0394-4647-89b5-1df9fc61e1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3lsynrj3q3c2e", "content": "", "creation_timestamp": "2025-07-02T16:41:41.201750Z"}, {"uuid": "b6fd0f2f-eb8e-4f21-9631-5bc1faad5a31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://threatintel.cc/2025/07/09/serious-flaws-patched-in-model.html", "content": "", "creation_timestamp": "2025-07-09T19:30:45.000000Z"}, {"uuid": "e5e774e3-d313-4b6c-a3a1-03ae51e5a0a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/ashishjsharda.bsky.social/post/3ltlauocqak2c", "content": "", "creation_timestamp": "2025-07-10T02:11:19.817510Z"}, {"uuid": "56142a3c-eb48-4558-9bb9-263b607c1900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/ashishjsharda.bsky.social/post/3ltlaurju2c2c", "content": "", "creation_timestamp": "2025-07-10T02:11:20.372994Z"}, {"uuid": "8bbd28f4-cea3-468e-a78e-88b91fecabe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lu2bmzeoiu24", "content": "", "creation_timestamp": "2025-07-16T01:34:49.011846Z"}, {"uuid": "329b94e2-2bd8-41f0-b633-ac1b4f1bee53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3lt2fke4dhd2g", "content": "", "creation_timestamp": "2025-07-03T09:19:42.651211Z"}, {"uuid": "8d02aa88-8276-4762-bfc9-d2128676d83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/themultiverse.bsky.social/post/3lt2hlxtzej2v", "content": "", "creation_timestamp": "2025-07-03T09:56:24.516682Z"}, {"uuid": "423acd17-7d45-493d-b7c5-47a366d9b695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lswi3orf5b2x", "content": "", "creation_timestamp": "2025-07-01T19:54:32.634776Z"}, {"uuid": "ce6b71b0-3a9d-4a69-8117-d1d847ddb4ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3lswmtxngfk2i", "content": "", "creation_timestamp": "2025-07-01T21:19:42.047076Z"}, {"uuid": "15285191-de33-4fd0-bf27-01e27b651938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lty562m4fs25", "content": "", "creation_timestamp": "2025-07-15T05:09:32.003816Z"}, {"uuid": "516b5777-fb73-4173-befc-becde74ba8c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrjelyrs452q", "content": "", "creation_timestamp": "2025-06-13T21:22:16.781834Z"}, {"uuid": "840de666-a90c-4bff-ade1-106eea81105c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/Darkcrai86/8fa95e3e48f12d9a6bbed19c3a0503c9", "content": "", "creation_timestamp": "2025-10-09T07:14:54.000000Z"}, {"uuid": "0fb5771b-7e5d-4661-a4e6-878b41cb7254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lyvpcwgsyi25", "content": "", "creation_timestamp": "2025-09-15T21:02:24.586473Z"}, {"uuid": "475114c8-f749-4e77-8ad0-9646b1efbdcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/techjacksolutions.bsky.social/post/3m2kpotin3w2x", "content": "", "creation_timestamp": "2025-10-06T23:00:07.894602Z"}, {"uuid": "b5391c2a-a335-4046-82ad-4a24e6379966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-49596", "type": "seen", "source": "https://bsky.app/profile/docker.com/post/3lzjajwkw7s22", "content": "", "creation_timestamp": "2025-09-23T15:31:06.256075Z"}, {"uuid": "529865fa-d94a-49e2-b0f5-523711ed06be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://bsky.app/profile/bytetrending.bsky.social/post/3lzkdwggo642x", "content": "", "creation_timestamp": "2025-09-24T02:04:25.596441Z"}, {"uuid": "8bd1714f-3812-421d-a167-c9eaee70366a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/seansilva-adam-bot/a1602e2414da2d1f0be6f02fc94a13d6", "content": "", "creation_timestamp": "2026-02-05T07:03:04.000000Z"}, {"uuid": "25694aea-4943-4587-91dd-6cd3852f5d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/curphey/4de77ee29a83eda55e07bf1df9116386", "content": "", "creation_timestamp": "2026-01-30T08:50:31.000000Z"}, {"uuid": "a1902af4-66ae-4a98-9a73-be927b3d6bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/dipandhali2021/f4753824c87cbbc5ff3e94d2c9d3e54f", "content": "", "creation_timestamp": "2026-03-28T13:22:25.000000Z"}, {"uuid": "3593dbd3-0ccc-4635-a513-a857f1bf2b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "Telegram/YLjaHgOWqHy_GE2pMNrZj7K_RcmqTuBmFaJ1673d7IeXnQg", "content": "", "creation_timestamp": "2025-06-13T21:00:48.000000Z"}, {"uuid": "be73d089-59f7-46a8-8a17-7f0aa9060737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/beejak/235d9793985eef4870d4d4fe221cc6fe", "content": "", "creation_timestamp": "2026-04-28T05:20:25.000000Z"}, {"uuid": "0db6a0d3-a185-4863-a834-815c6e09d050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://gist.github.com/beejak/c190bcb8f8b76e8b2200faef11e807d6", "content": "", "creation_timestamp": "2026-04-28T04:41:41.000000Z"}, {"uuid": "0ca70b85-c587-4bca-aac4-38a067981f94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18339", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49596\n\ud83d\udd25 CVSS Score: 9.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.\n\ud83d\udccf Published: 2025-06-13T20:11:40.453Z\n\ud83d\udccf Modified: 2025-06-13T20:11:40.453Z\n\ud83d\udd17 References:\n1. https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g\n2. https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979", "creation_timestamp": "2025-06-13T20:35:33.000000Z"}, {"uuid": "2d4215ec-a97b-4bab-99e4-e9fcb7575731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://t.me/GithubRedTeam/42862", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32462 Exploit\nURL\uff1ahttps://github.com/ashiqrehan-21/MCP-Inspector-CVE-2025-49596\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-03T16:12:05.000000Z"}, {"uuid": "a109d0f7-f31b-495c-9da6-27716ae52e56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://t.me/poxek/5322", "content": "\ud83d\udd10 RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 MCP Inspector - \u043d\u0435 \u0434\u0430\u0439\u0442\u0435 LLM \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0432\u0430\u0448\u0443 \u043c\u0430\u0448\u0438\u043d\u0443\n\n\u041d\u0435 \u0441\u0435\u043a\u0440\u0435\u0442, \u0447\u0442\u043e AI (LLM) \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 - \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0430\u0434\u0430\u0447, \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043a\u043e\u0434\u0430, DevOps \u0438 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e. \u041d\u043e \u0441 \u0431\u044b\u0441\u0442\u0440\u044b\u043c\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0447\u0430\u0441\u0442\u043e \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442 \u0438 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0440\u0438\u0441\u043a.\n\ud83e\udde0 \u0415\u0441\u043b\u0438 \u0432\u044b \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u0443\u0435\u0442\u0435 LLM (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, ChatGPT, Claude, Capilot \u0438 \u0442\u043f) \u0441 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0447\u0435\u0440\u0435\u0437 MCP-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b, \u0431\u0443\u0434\u044c\u0442\u0435 \u043a\u0440\u0430\u0439\u043d\u0435 \u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u044b \u0441 \u043e\u0442\u043b\u0430\u0434\u043e\u0447\u043d\u044b\u043c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c - MCP Inspector. \u042d\u0442\u043e \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441, \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 LLM \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0432 \u0432\u0430\u0448\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435: curl, python3, ls \u0438 \u0442.\u0434.\n\n\u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043e\u043d \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 127.0.0.1:6274 \u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0442\u043e\u043a\u0435\u043d. \u041d\u043e: \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f DANGEROUSLY_OMIT_AUTH=true \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e, \u043f\u043e\u0440\u0442\u044b \u043c\u043e\u0433\u0443\u0442 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e \u043e\u043a\u0430\u0437\u0430\u0442\u044c\u0441\u044f \u043f\u0440\u043e\u0431\u0440\u043e\u0448\u0435\u043d\u044b \u043d\u0430\u0440\u0443\u0436\u0443 (\u0447\u0435\u0440\u0435\u0437 Docker, nginx, ngrok \u0438 \u0434\u0440.);\n\u0412 \u0442\u0430\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043b\u044e\u0431\u043e\u0439, \u043a\u0442\u043e \u043d\u0430\u0439\u0434\u0451\u0442 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 - \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434 (RCE).\n\n\ud83c\udfaf \u0412 \u0441\u043a\u0443\u043f\u0435 \u0441 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 CVE-2025-49596 Auth Bypass \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0435\u0449\u0435 \u043d\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442:\n\u0412\u044b\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b (/etc/passwd, .ssh/id_rsa, .env), \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043c\u0430\u0439\u043d\u0435\u0440 \u0438\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440 \u0438 \u043f\u0440\u043e\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u043e\u0431\u0440\u0430\u0442\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 (reverse shell) \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u0448\u0438\u043d\u0443 \u043a\u0430\u043a \u0442\u043e\u0447\u043a\u0443 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443.\n\n\ud83d\udee1\ufe0f \u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f?\n1. \u041d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0439\u0442\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e (`DANGEROUSLY_OMIT_AUTH=true`) - \u0434\u0430\u0436\u0435 \u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u0445\u043e\u0441\u0442\u0435.\n2. MCP Inspector \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e, \u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e \u043c\u0435\u0440\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438.\n3. \u0423\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e \u043f\u043e\u0440\u0442 6274 \u043d\u0435 \u043f\u0440\u043e\u0431\u0440\u043e\u0448\u0435\u043d \u043d\u0430\u0440\u0443\u0436\u0443 (\u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 Docker).\n4. \u0418\u0437\u043e\u043b\u0438\u0440\u0443\u0439\u0442\u0435 \u0441\u0440\u0435\u0434\u0443 \u0441 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0435\u0439 \u0432 DMZ \u0431\u0435\u0437 \u043f\u0440\u044f\u043c\u044b\u0445 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u0432 \u043a \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435. \n\n\ud83e\uddca \u041c\u044b \u0432\u0441\u0435 \u0445\u043e\u0434\u0438\u043c \u043f\u043e \u0442\u043e\u043d\u043a\u043e\u043c\u0443 \u043b\u044c\u0434\u0443: \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0432\u0440\u043e\u0434\u0435 MCP \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0441\u0442\u0440\u0435\u043c\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0438 \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0442 \u0434\u043e\u043b\u0436\u043d\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u0439\u0442\u0435 \u044d\u0442\u043e - \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 LLM, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432\u043d\u0443\u0442\u0440\u0438 \u0432\u0430\u0448\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2025-06-30T14:15:15.000000Z"}, {"uuid": "765325fc-cdd7-408f-bf61-63a71bc4438c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/10020", "content": "Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security\n\nhttps://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596", "creation_timestamp": "2025-07-02T13:24:01.000000Z"}, {"uuid": "8d74d705-04bf-4cfd-bafc-fa5fab9308d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "Telegram/HMcM9813eIJOyuNo5YZNbIe038j7zzCtsVC9QJ1AyxhmRyM", "content": "", "creation_timestamp": "2025-07-04T03:00:09.000000Z"}, {"uuid": "d3efdefb-51ea-4846-872a-75db8f59c80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "https://t.me/CyberBulletin/3600", "content": "\u26a1\ufe0fCritical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596.\n\n#CyberBulletin", "creation_timestamp": "2025-07-07T21:59:04.000000Z"}, {"uuid": "bde2145f-587e-470f-84b3-c9fadb00ee90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "published-proof-of-concept", "source": "Telegram/RwxI053Evvt9D_WU2CEPzLIpQuMsrIeDnG8Eg4nvRFYLzdw", "content": "", "creation_timestamp": "2025-07-03T21:00:04.000000Z"}, {"uuid": "64281553-2c8d-4a1e-bf9e-f39ee653678a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49596", "type": "seen", "source": "Telegram/vo7yuH8LHyBXdHaE9wQLrp0tWIgPlLAwJO56KKBjpmx2jw", "content": "", "creation_timestamp": "2025-07-01T20:05:18.000000Z"}]}