ghsa-6q9c-m9fr-865m
Vulnerability from github
Published
2025-09-29 16:28
Modified
2025-10-23 20:21
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
vet MCP Server SSE Transport DNS Rebinding Vulnerability
Details

SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation.

To exploit this vulnerability following conditions must be met:

  1. A vet scan is executed and reports are saved as sqlite3 database
  2. A vet MCP server is running on default port with SSE transport that has access to the report database
  3. The attacker lures the victim to attacker controlled website
  4. Attacker leverages DNS rebinding to access vet SSE server on 127.0.0.1 through the website
  5. Attacker uses MCP tools to read information from report database

Impact

Data from vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.

Patches

  • v1.12.5 is released that patches the issue with Host and Origin header allow list and validation

Workarounds

  • Use stdio (default) transport for SSE server
Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/safedep/vet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59163"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-350"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-29T16:28:49Z",
    "nvd_published_at": "2025-09-29T22:15:36Z",
    "severity": "LOW"
  },
  "details": "SafeDep `vet` is vulnerable to a DNS rebinding attack due to lack of HTTP `Host` and `Origin` header validation. \n\nTo exploit this vulnerability following conditions must be met:\n\n1. A `vet` scan is executed and reports are saved as `sqlite3` database\n2. A `vet` MCP server is running on default port with SSE transport that has access to the report database\n3. The attacker lures the victim to attacker controlled website\n4. Attacker leverages DNS rebinding to access `vet` SSE server on `127.0.0.1` through the website\n5. Attacker uses MCP tools to read information from report database\n\n### Impact\n\nData from `vet` scan sqlite3 database may be exposed to remote attackers when `vet` is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.\n\n### Patches\n\n* `v1.12.5` is released that patches the issue with `Host` and `Origin` header allow list and validation\n\n### Workarounds\n\n* Use `stdio` (default) transport for SSE server",
  "id": "GHSA-6q9c-m9fr-865m",
  "modified": "2025-10-23T20:21:11Z",
  "published": "2025-09-29T16:28:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/safedep/vet/security/advisories/GHSA-6q9c-m9fr-865m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59163"
    },
    {
      "type": "WEB",
      "url": "https://github.com/safedep/vet/commit/0ae3560ba11846375812377299fe078d45cc3d48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/safedep/vet"
    },
    {
      "type": "WEB",
      "url": "https://github.com/safedep/vet/releases/tag/v1.12.5"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "vet MCP Server SSE Transport DNS Rebinding Vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.