Vulnerability in Modelcontextprotocol Python-sdk
CVE-2025-53365
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead t…
EPSS: 0.004 (27.4th percentile) — read the EPSS interpretation.
Affected products
- Modelcontextprotocol Python-sdk — versions < 1.10.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)