What is CVE-2025-58444?

CVE-2025-58444 is a vulnerability in Modelcontextprotocol Inspector, classified under CWE-84. Published 2025-09-08.

Is CVE-2025-58444 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Modelcontextprotocol Inspector

CVE-2025-58444

The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers…

EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.

Affected products

Modelcontextprotocol Inspector — versions < 0.16.6

Weakness classification (CWE)

CWE-84

Public proof-of-concept exploits

References

https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-g9hg-qhmf-q45m (x_refsource_CONFIRM)
https://github.com/modelcontextprotocol/inspector/commit/650f3090d26344a672026b737d81586595bb1f60 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-58444?: CVE-2025-58444 is a vulnerability in Modelcontextprotocol Inspector, classified under CWE-84. Published 2025-09-08.
Is CVE-2025-58444 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.