Serious Flaws Patched in Model Context Protocol Tools
Two critical vulnerabilities were discovered in tools related to the Model Context Protocol (MCP), a standard for connecting AI tools to external systems. The flaws, CVE-2025-6514 in mcp-remote and CVE-2025-49596 in MCP Inspector, could be exploited for remote code execution. Both vulnerabilities have been patched in recent MCP releases, but researchers warn of risks from insecure MCP server connections and a lack of authentication.