GHSA-6Q9C-M9FR-865M

Vulnerability from github – Published: 2025-09-29 16:28 – Updated: 2025-10-23 20:21
VLAI?
Summary
vet MCP Server SSE Transport DNS Rebinding Vulnerability
Details

SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation.

To exploit this vulnerability following conditions must be met:

  1. A vet scan is executed and reports are saved as sqlite3 database
  2. A vet MCP server is running on default port with SSE transport that has access to the report database
  3. The attacker lures the victim to attacker controlled website
  4. Attacker leverages DNS rebinding to access vet SSE server on 127.0.0.1 through the website
  5. Attacker uses MCP tools to read information from report database

Impact

Data from vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.

Patches

  • v1.12.5 is released that patches the issue with Host and Origin header allow list and validation

Workarounds

  • Use stdio (default) transport for SSE server
Severity ?
2.1 (Low)
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/safedep/vet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59163"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-350"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-29T16:28:49Z",
    "nvd_published_at": "2025-09-29T22:15:36Z",
    "severity": "LOW"
  },
  "details": "SafeDep `vet` is vulnerable to a DNS rebinding attack due to lack of HTTP `Host` and `Origin` header validation. \n\nTo exploit this vulnerability following conditions must be met:\n\n1. A `vet` scan is executed and reports are saved as `sqlite3` database\n2. A `vet` MCP server is running on default port with SSE transport that has access to the report database\n3. The attacker lures the victim to attacker controlled website\n4. Attacker leverages DNS rebinding to access `vet` SSE server on `127.0.0.1` through the website\n5. Attacker uses MCP tools to read information from report database\n\n### Impact\n\nData from `vet` scan sqlite3 database may be exposed to remote attackers when `vet` is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.\n\n### Patches\n\n* `v1.12.5` is released that patches the issue with `Host` and `Origin` header allow list and validation\n\n### Workarounds\n\n* Use `stdio` (default) transport for SSE server",
  "id": "GHSA-6q9c-m9fr-865m",
  "modified": "2025-10-23T20:21:11Z",
  "published": "2025-09-29T16:28:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/safedep/vet/security/advisories/GHSA-6q9c-m9fr-865m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59163"
    },
    {
      "type": "WEB",
      "url": "https://github.com/safedep/vet/commit/0ae3560ba11846375812377299fe078d45cc3d48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/safedep/vet"
    },
    {
      "type": "WEB",
      "url": "https://github.com/safedep/vet/releases/tag/v1.12.5"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "vet MCP Server SSE Transport DNS Rebinding Vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.