ET WEB_SPECIFIC_APPS Anthropic MCP Inspector Proxy Server-Sent Events (SSE) Unauthenticated Remote Code Execution (CVE-2025-49596)

SID: 2063366Rev: 118 views
Sourceet/open
CreatedJuly 9, 2025
UpdatedJuly 9, 2025
Classificationweb-application-attack
alert http any any -> $HOME_NET 6277 (msg:"ET WEB_SPECIFIC_APPS Anthropic MCP Inspector Proxy Server-Sent Events (SSE) Unauthenticated Remote Code Execution (CVE-2025-49596)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/sse|3f|"; content:"transportType|3d|stdio"; fast_pattern; content:"command|3d|"; content:"args|3d|"; reference:url,www.tenable.com/blog/how-tenable-research-discovered-a-critical-remote-code-execution-vulnerability-on-anthropic; reference:cve,2025-49596; classtype:web-application-attack; sid:2063366; rev:1; metadata:attack_target Server, created_at 2025_07_09, cve CVE_2025_49596, deployment Perimeter, deployment Internal, confidence High, signature_severity Critical, tag Exploit, updated_at 2025_07_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlwww.tenable.com/blog/how-tenable-research-discovered-a-critical-remote-code-execution-vulnerability-on-anthropic
cve2025-49596

Metadata

attack targetServer
created at2025_07_09
deploymentInternal
confidenceHigh
signature severityCritical
tagExploit
updated at2025_07_09
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!