CVE-2025-11287

Summary

A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
samanhappyMCPHub0.9.0affected
samanhappyMCPHub0.9.1affected
samanhappyMCPHub0.9.2affected
samanhappyMCPHub0.9.3affected
samanhappyMCPHub0.9.4affected
samanhappyMCPHub0.9.5affected
samanhappyMCPHub0.9.6affected
samanhappyMCPHub0.9.7affected
samanhappyMCPHub0.9.8affected
samanhappyMCPHub0.9.9affected
samanhappyMCPHub0.9.10affected

Weaknesses

  • CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References