Skip to main content

Microsoft CVE-2025-9611

HIGH
Exposed Dangerous Method or Function (CWE-749)
2026-01-07 disclosure@vulncheck.com GHSA-6fg3-hvw7-2fwq
7.2
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vulncheck) · only source for this CVE.

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

7
Source Code Evidence Fetched
Jul 14, 2026 - 23:33 vuln.today
Analysis Updated
Jul 14, 2026 - 23:33 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 23:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 23:22 NVD
7.2 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 07, 2026 - 12:17 nvd
N/A

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 4 npm packages depend on @playwright/mcp (4 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.0.40.

DescriptionCVE.org

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.

AnalysisAI

Missing Origin/Host header validation in Microsoft's Playwright MCP Server (versions before 0.0.40) lets a remote web page reach a developer's locally bound MCP HTTP endpoint through a DNS rebinding attack, causing unauthorized invocation of MCP tool endpoints that drive an automated browser. Publicly available exploit code exists (a proof-of-concept gist and a VulnCheck advisory), though the flaw is not listed in CISA KEV and EPSS probability is low (0.25%, 48th percentile). Exploitation requires that a victim with the server running visit an attacker-controlled page, so this is opportunistic rather than mass-scannable.

Share

CVE-2025-9611 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy