Auth bypass in Mcphub

CVE-2025-13822

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privi…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.002 (48.1th percentile).

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Frequently asked questions

What is CVE-2025-13822?
CVE-2025-13822 is a medium-severity vulnerability in Mcphub, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.3/10. Published 2026-04-14.

How severe is CVE-2025-13822?
Medium severity. The CVSS v3 base score is 5.3 out of 10.