CVE-2025-13822

EUVD-2025-209433
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
mcphubxmcphub
𝑥
< 0.11.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/en/posts/2026/04/CVE-2025-13822
https://github.com/samanhappy/mcphub