cvelistv5 - cve-2025-66454

CVE-2025-66454 (GCVE-0-2025-66454)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:23 – Updated: 2025-12-02 19:28

Summary

Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret ("dev") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints—including tool enumeration and tool invocation—without credentials. This vulnerability is fixed in 1.5.4.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-321 - Use of Hard-coded Cryptographic Key
CWE-798 - Use of Hard-coded Credentials

Assigner

GitHub_M

References

URL

Tags

	https://github.com/ArcadeAI/arcade-mcp/security/a…	x_refsource_CONFIRM
	https://github.com/ArcadeAI/arcade-mcp/pull/691	x_refsource_MISC
	https://github.com/ArcadeAI/arcade-mcp/commit/446…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ArcadeAI	arcade-mcp	Affected: < 1.5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66454",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T19:28:19.190064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T19:28:27.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "arcade-mcp",
          "vendor": "ArcadeAI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret (\"dev\") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints\u2014including tool enumeration and tool invocation\u2014without credentials. This vulnerability is fixed in 1.5.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321: Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T18:23:33.377Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438"
        },
        {
          "name": "https://github.com/ArcadeAI/arcade-mcp/pull/691",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ArcadeAI/arcade-mcp/pull/691"
        },
        {
          "name": "https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817"
        }
      ],
      "source": {
        "advisory": "GHSA-g2jx-37x6-6438",
        "discovery": "UNKNOWN"
      },
      "title": "Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66454",
    "datePublished": "2025-12-02T18:23:33.377Z",
    "dateReserved": "2025-12-01T18:44:35.639Z",
    "dateUpdated": "2025-12-02T19:28:27.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-66454\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-02T19:15:52.683\",\"lastModified\":\"2025-12-04T17:15:25.860\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret (\\\"dev\\\") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints\u2014including tool enumeration and tool invocation\u2014without credentials. This vulnerability is fixed in 1.5.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-321\"},{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"references\":[{\"url\":\"https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/ArcadeAI/arcade-mcp/pull/691\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66454\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T19:28:19.190064Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T19:28:23.953Z\"}}], \"cna\": {\"title\": \"Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints\", \"source\": {\"advisory\": \"GHSA-g2jx-37x6-6438\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"ArcadeAI\", \"product\": \"arcade-mcp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.5.4\"}]}], \"references\": [{\"url\": \"https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438\", \"name\": \"https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ArcadeAI/arcade-mcp/pull/691\", \"name\": \"https://github.com/ArcadeAI/arcade-mcp/pull/691\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817\", \"name\": \"https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret (\\\"dev\\\") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints\\u2014including tool enumeration and tool invocation\\u2014without credentials. This vulnerability is fixed in 1.5.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-321\", \"description\": \"CWE-321: Use of Hard-coded Cryptographic Key\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798: Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-02T18:23:33.377Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-66454\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-02T19:28:27.762Z\", \"dateReserved\": \"2025-12-01T18:44:35.639Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-02T18:23:33.377Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-66454

Vulnerability from fkie_nvd - Published: 2025-12-02 19:15 - Updated: 2025-12-04 17:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817
	security-advisories@github.com	https://github.com/ArcadeAI/arcade-mcp/pull/691
	security-advisories@github.com	https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret (\"dev\") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints\u2014including tool enumeration and tool invocation\u2014without credentials. This vulnerability is fixed in 1.5.4."
    }
  ],
  "id": "CVE-2025-66454",
  "lastModified": "2025-12-04T17:15:25.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-02T19:15:52.683",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/ArcadeAI/arcade-mcp/pull/691"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-321"
        },
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-G2JX-37X6-6438

Vulnerability from github – Published: 2025-12-02 17:55 – Updated: 2025-12-02 21:44

Summary

arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints

Details

Summary

The arcade-mcp HTTP server uses a hardcoded default worker secret ("dev") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints—including tool enumeration and tool invocation—without credentials.

Anyone following the official quick-start guide is vulnerable unless they manually override ARCADE_WORKER_SECRET.

Details

The documented method for launching an HTTP MCP server (python server.py http) implicitly sets the worker secret to the hardcoded default "dev":

ArcadeSettings.server_secret defaults to "dev" (libs/arcade-mcp-server/arcade_mcp_server/settings.py:129–158)

create_arcade_mcp() passes this value directly to FastAPIWorker without validation (libs/arcade-mcp-server/arcade_mcp_server/worker.py:118–188)

BaseWorker._set_secret() accepts this value and does not enforce rotation (libs/arcade-serve/arcade_serve/core/base.py:42–83)

Because the worker’s signing key is constant and publicly documented, attackers can trivially generate valid HS256 JWTs:

The FastAPI worker auth middleware (arcade_serve/fastapi/auth.py) trusts any JWT signed with the worker secret.

The core auth layer (arcade_serve/core/auth.py) does not distinguish forged tokens from legitimate ones.

The official quick-start instructions (README.md:164–190) demonstrate launching an MCP server without mentioning worker-secret rotation. Users are told how to define tool secrets in .env, but not that the worker’s authentication key must be changed.

As a result, servers deployed following the documented workflow expose all /worker/* endpoints to anyone capable of generating a simple HS256 token using the known key.

This CVE was resolved by https://github.com/ArcadeAI/arcade-mcp/pull/691

PoC

Start the server using the official guide https://docs.arcade.dev/en/home/build-tools/create-a-mcp-server

Verify that unauthenticated access is rejected (expected)

curl -s -D - http://127.0.0.1:8000/worker/tools
# → 403 Forbidden

Forge a valid HS256 token using the hardcoded default secret "dev"

import jwt
print(jwt.encode({'ver': '1', 'aud': 'worker'}, 'dev', algorithm='HS256'))

Use the forged token to bypass authentication

curl -s -D - \
  -H "Authorization: Bearer $(cat /tmp/forged_token.txt)" \
  http://127.0.0.1:8000/worker/tools

Result: The server responds 200 OK with the full tool catalog and allows invocation of all worker tools.

Server logs show a rejected request immediately followed by a successful forged request, confirming the bypass.

Impact

This is an authentication bypass that results in full remote access to all MCP worker endpoints:

Unauthenticated attackers can enumerate tools

Invoke arbitrary tools remotely

Access any data returned by tools (including secrets loaded into ToolContext)

Execute actions inside internal systems if tools expose operational capabilities

Perform these actions without any brute forcing or guesswork due to the known default signing key

Any user who follows the official setup guide is exposed unless they manually override ARCADE_WORKER_SECRET, which is not documented.

This vulnerability effectively gives complete remote control over the MCP worker API to any attacker aware of the default key.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "arcade-mcp-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T17:55:44Z",
    "nvd_published_at": "2025-12-02T19:15:52Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe arcade-mcp HTTP server uses a hardcoded default worker secret (\"dev\") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints\u2014including tool enumeration and tool invocation\u2014without credentials.\n\nAnyone following the official quick-start guide is vulnerable unless they manually override ARCADE_WORKER_SECRET.\n\n### Details\n\nThe documented method for launching an HTTP MCP server (python server.py http) implicitly sets the worker secret to the hardcoded default \"dev\":\n\nArcadeSettings.server_secret defaults to \"dev\"\n(libs/arcade-mcp-server/arcade_mcp_server/settings.py:129\u2013158)\n\ncreate_arcade_mcp() passes this value directly to FastAPIWorker without validation\n(libs/arcade-mcp-server/arcade_mcp_server/worker.py:118\u2013188)\n\nBaseWorker._set_secret() accepts this value and does not enforce rotation\n(libs/arcade-serve/arcade_serve/core/base.py:42\u201383)\n\nBecause the worker\u2019s signing key is constant and publicly documented, attackers can trivially generate valid HS256 JWTs:\n\nThe FastAPI worker auth middleware (arcade_serve/fastapi/auth.py) trusts any JWT signed with the worker secret.\n\nThe core auth layer (arcade_serve/core/auth.py) does not distinguish forged tokens from legitimate ones.\n\nThe official quick-start instructions (README.md:164\u2013190) demonstrate launching an MCP server without mentioning worker-secret rotation. Users are told how to define tool secrets in .env, but not that the worker\u2019s authentication key must be changed.\n\nAs a result, servers deployed following the documented workflow expose all /worker/* endpoints to anyone capable of generating a simple HS256 token using the known key.\n\nThis CVE was resolved by https://github.com/ArcadeAI/arcade-mcp/pull/691\n\n### PoC\n\nStart the server using the official guide\nhttps://docs.arcade.dev/en/home/build-tools/create-a-mcp-server\n\nVerify that unauthenticated access is rejected (expected)\n```\ncurl -s -D - http://127.0.0.1:8000/worker/tools\n# \u2192 403 Forbidden\n```\n\nForge a valid HS256 token using the hardcoded default secret \"dev\"\n```\nimport jwt\nprint(jwt.encode({\u0027ver\u0027: \u00271\u0027, \u0027aud\u0027: \u0027worker\u0027}, \u0027dev\u0027, algorithm=\u0027HS256\u0027))\n```\n\nUse the forged token to bypass authentication\n```\ncurl -s -D - \\\n  -H \"Authorization: Bearer $(cat /tmp/forged_token.txt)\" \\\n  http://127.0.0.1:8000/worker/tools\n```\n\nResult:\nThe server responds 200 OK with the full tool catalog and allows invocation of all worker tools.\n\nServer logs show a rejected request immediately followed by a successful forged request, confirming the bypass.\n\n### Impact\n\nThis is an authentication bypass that results in full remote access to all MCP worker endpoints:\n\nUnauthenticated attackers can enumerate tools\n\nInvoke arbitrary tools remotely\n\nAccess any data returned by tools (including secrets loaded into ToolContext)\n\nExecute actions inside internal systems if tools expose operational capabilities\n\nPerform these actions without any brute forcing or guesswork due to the known default signing key\n\nAny user who follows the official setup guide is exposed unless they manually override ARCADE_WORKER_SECRET, which is not documented.\n\nThis vulnerability effectively gives complete remote control over the MCP worker API to any attacker aware of the default key.",
  "id": "GHSA-g2jx-37x6-6438",
  "modified": "2025-12-02T21:44:00Z",
  "published": "2025-12-02T17:55:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66454"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ArcadeAI/arcade-mcp/pull/691"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ArcadeAI/arcade-mcp/commit/7fb097f20fbea35e382a1b78da6fd90609c55a9e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ArcadeAI/arcade-mcp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-66454 (GCVE-0-2025-66454)

FKIE_CVE-2025-66454

GHSA-G2JX-37X6-6438

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature