CVE-2025-13822

Source
https://cve.org/CVERecord?id=CVE-2025-13822
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13822.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-13822
Aliases
Published
2026-04-14T10:23:49.910Z
Modified
2026-07-15T01:49:06.953620665Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Authentication bypass in MCPHub
Details

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

Database specific
{
    "cna_assigner": "CERT-PL",
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13822.json"
}
References

Affected packages

Git / github.com/samanhappy/mcphub

Affected ranges

Type
GIT
Repo
https://github.com/samanhappy/mcphub
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:mcphubx:mcphub:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.11.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13822.json"