CVE-2025-49596

The PoC exploits an RCE vulnerability in MCPJam inspector by sending crafted JSON payloads to the /api/mcp/connect endpoint, downloading a reverse shell script, and executing it. It uses curl to fetch the payload and chmod to make it executable.

This repository contains a functional CTF lab demonstrating CVE-2025-49596, a session isolation failure in an MCP server where admin OAuth tokens leak into user responses due to a shared mutable context object. The exploit is embedded in the lab's design, allowing participants to extract flags via DevTools.

This PoC exploits CVE-2025-49596, an RCE vulnerability in MCPJam inspector versions prior to 1.4.2. It leverages the `/api/mcp/connect` endpoint to execute arbitrary commands via crafted JSON payloads, ultimately delivering a reverse shell to the attacker.

The repository contains a functional Python-based PoC for CVE-2025-49596, targeting an unauthenticated RCE vulnerability in MCP Inspector's SSE endpoint. The exploit constructs malicious requests to execute arbitrary commands via URL parameters.

This script checks for CVE-2025-49596 by sending a crafted HTTP request to the MCP Inspector SSE endpoint and analyzing the response. It detects the absence of authentication requirements, indicating potential vulnerability.