How to fix CVE-2025-66416?

Within 24 hours: Identify all systems running MCP Python SDK versions prior to 1.23.0, particularly those using FastMCP with HTTP/SSE transport on localhost. Within 7 days: Upgrade all affected instances to MCP Python SDK version 1.23.0 or later. Within 30 days: Review and implement TransportSecuritySettings configurations for all MCP servers and audit access logs for any suspicious activity.

Is Python affected by CVE-2025-66416?

A vulnerability in the MCP Python SDK (CVE-2025-66416) could allow attackers to bypass security controls and invoke unauthorized actions on locally-run MCP servers through DNS rebinding attacks.

CVE-2025-66416

EUVD-2025-200273 HIGH

2025-12-02 [email protected]

GHSA-9h52-p55h-vw2f

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200273

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

Patch Released

Mar 15, 2026 - 14:04 nvd

Patch available

CVE Published

Dec 02, 2025 - 19:15 nvd

HIGH 8.1

Description

The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0.

Analysis

CVE-2025-66416 is a security vulnerability (CVSS 8.1) that allows dns rebinding protection. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Technical Context

Vulnerability type not specified by vendor. CVSS 8.1 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Apply the vendor-supplied patch immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +40

POC: 0

Vendor Status

CVE-2025-66416 vulnerability details – vuln.today

Back

CVE-2025-66416

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-66416

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code