Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for mcp_gateway by docker

    CVE-2025-64443 (GCVE-0-2025-64443)

    Vulnerability from nvd – Published: 2025-12-03 17:41 – Updated: 2025-12-03 18:14
    VLAI
    Title
    DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode
    Summary
    MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    docker mcp-gateway Affected: < 0.28.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64443",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-03T18:12:16.672750Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-03T18:14:24.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mcp-gateway",
              "vendor": "docker",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.28.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-03T17:41:59.272Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r"
            },
            {
              "name": "https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e"
            }
          ],
          "source": {
            "advisory": "GHSA-46gc-mwh4-cc5r",
            "discovery": "UNKNOWN"
          },
          "title": "DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-64443",
        "datePublished": "2025-12-03T17:41:59.272Z",
        "dateReserved": "2025-11-03T22:12:51.366Z",
        "dateUpdated": "2025-12-03T18:14:24.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64443 (GCVE-0-2025-64443)

    Vulnerability from cvelistv5 – Published: 2025-12-03 17:41 – Updated: 2025-12-03 18:14
    VLAI
    Title
    DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode
    Summary
    MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    docker mcp-gateway Affected: < 0.28.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64443",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-03T18:12:16.672750Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-03T18:14:24.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mcp-gateway",
              "vendor": "docker",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.28.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-03T17:41:59.272Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r"
            },
            {
              "name": "https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e"
            }
          ],
          "source": {
            "advisory": "GHSA-46gc-mwh4-cc5r",
            "discovery": "UNKNOWN"
          },
          "title": "DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-64443",
        "datePublished": "2025-12-03T17:41:59.272Z",
        "dateReserved": "2025-11-03T22:12:51.366Z",
        "dateUpdated": "2025-12-03T18:14:24.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }