CVE-2025-9611
7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
Summary
Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Playwright | 0 < 0.0.40 | affected |
Weaknesses
- CWE-749: CWE-749 Exposed Dangerous Method or Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-8rgw-6xp9-2fg3
- https://github.com/microsoft/playwright/commit/1313fbd
- https://www.vulncheck.com/advisories/microsoft-playwright-mcp-server-dns-rebinding-via-missing-origin-header-validation
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.