CVE-2025-13822
MCPHub has an authentication bypass
EPSS 0.25%
Description
MCPHub versions below 0.11.0 are vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users, using their privileges.
How to fix CVE-2025-13822
To remediate CVE-2025-13822, upgrade the affected package to the fixed version listed below.
- npm/@samanhappy/mcphub: upgrade to 0.11.0 or later
Is CVE-2025-13822 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/@samanhappy/mcphub: from 0, < 0.11.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |