Model Context Protocol SDK Security Flaw: CVE-2025-66414 Exposes Applications to DNS Rebinding Attacks

A critical security vulnerability has been identified in the widely used Model Context Protocol (MCP) TypeScript SDK, tracked as CVE-2025-66414. The flaw stems from the SDK's default configuration, which fails to enable DNS rebinding protection, leaving any application built upon it potentially exposed to a classic network-based attack vector. This oversight allows malicious actors to bypass same-origin policies and interact with internal network services, posing a significant risk to data integrity and system security.

The vulnerability is present in versions of the @modelcontextprotocol/sdk prior to the patched release, v1.25.2. The issue was formally disclosed via GitHub Security Advisory GHSA-w48q-cv73-mx4w, triggering an urgent dependency update cycle across the ecosystem. The update represents a substantial jump from version 1.9.0 to 1.25.2, indicating the severity of the fix and the accumulation of other changes since the last stable release. The patch explicitly enables the necessary DNS rebinding safeguards that were previously missing by default.

This discovery places immediate pressure on development teams and organizations utilizing the MCP SDK to audit their dependencies and apply the security update. The protocol is foundational for connecting AI applications to external data sources and tools, meaning the vulnerability's impact could be widespread across AI agent and tool-use frameworks. Failure to patch could leave backend services and internal APIs vulnerable to unauthorized cross-origin requests, a risk that security teams must now actively mitigate.