
Python EUVD-2025-200273

CVE-2025-66416 HIGH
Initialization of a Resource with an Insecure Default (CWE-1188)
2025-12-02 security-advisories@github.com GHSA-9h52-p55h-vw2f
8.1 (CVSS 3.1, GitHub Advisory)

Severity by source

GitHub Advisory (primary): 8.1 HIGH, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Red Hat: 8.1 HIGH (qualitative)

Primary rating from GitHub Advisory.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 14:04 (euvd), EUVD-2025-200273
Analysis Generated: Mar 15, 2026 - 14:04 (vuln.today)
Patch released: Mar 15, 2026 - 14:04 (nvd), patch available
CVE Published: Dec 02, 2025 - 19:15 (nvd), HIGH 8.1

Blast Radius

Ecosystem impact (transitive dependency graph resolved by vuln.today to a depth of 4):
  • 14 pypi packages depend on mcp (7 direct, 7 indirect)

Ecosystem-wide dependent count for version 1.23.0.

Description (GitHub Advisory)

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, the Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0.
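The protection the advisory describes is a Host/Origin allowlist: a page on an attacker-controlled domain that has been rebound to 127.0.0.1 still sends that domain in the browser's Host and Origin headers, so a localhost server that checks those headers rejects the request. The following is an added illustration of that check, not the mcp SDK's own code; the RebindingGuard class, its field names and the sample headers are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class RebindingGuard:
    """Allowlist settings for a localhost HTTP server (names are assumptions)."""
    enabled: bool = True  # the advisory's insecure default was the equivalent of False
    allowed_hosts: List[str] = field(
        default_factory=lambda: ["localhost", "127.0.0.1", "[::1]"])
    allowed_origins: List[str] = field(
        default_factory=lambda: ["http://localhost", "http://127.0.0.1", "http://[::1]"])


def _hostname(host: str) -> str:
    """Drop the port from a Host header value; bracketed IPv6 literals keep their brackets."""
    host = host.strip().lower()
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def _origin_base(origin: str) -> str:
    """Reduce an Origin header to scheme://host, ignoring the port."""
    scheme, _, rest = origin.strip().lower().partition("://")
    return f"{scheme}://{_hostname(rest)}"


def check_request(guard: RebindingGuard, headers: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether one request's headers may reach the server; returns (accepted, reason)."""
    if not guard.enabled:
        return True, "protection disabled"  # pre-fix default behaviour: nothing is checked
    lower = {k.lower(): v for k, v in headers.items()}
    host = lower.get("host")
    if host is None or _hostname(host) not in guard.allowed_hosts:
        return False, f"host not allowed: {host!r}"
    origin = lower.get("origin")  # absent for non-browser clients, which is fine
    if origin is not None and _origin_base(origin) not in guard.allowed_origins:
        return False, f"origin not allowed: {origin!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers: a local client, then a rebound attacker page.
    guard = RebindingGuard()
    print(check_request(guard, {"Host": "127.0.0.1:8000"}))
    print(check_request(guard, {"Host": "rebind.example:8000", "Origin": "http://rebind.example"}))
    print(check_request(RebindingGuard(enabled=False), {"Host": "rebind.example:8000"}))
```

With the guard disabled the rebound request passes, which is the pre-1.23.0 default the advisory describes; enabling it rejects the request on the Host header alone.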

Analysis (AI)

CVE-2025-66416 is a security vulnerability (CVSS 8.1) arising from DNS rebinding protection being disabled by default in the MCP Python SDK. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Technical Context (AI)

Vulnerability type not specified by vendor. CVSS 8.1 indicates high severity.

Remediation (AI)

Apply the vendor-supplied patch immediately.

Vendor Status (Vendor)

EUVD-2025-200273 vulnerability details – vuln.today
