CVE-2025-53365: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
AI Analysis
Technical Summary
CVE-2025-53365 is a high-severity vulnerability affecting the MCP Python SDK (modelcontextprotocol python-sdk) versions prior to 1.10.0. The MCP Python SDK implements the Model Context Protocol, facilitating streamable HTTP sessions. The vulnerability arises when a client deliberately triggers an exception after establishing such a session, leading to an uncaught ClosedResourceError on the server side. This uncaught exception causes the server process to crash, resulting in a denial of service (DoS) condition until the server is manually restarted or recovers via infrastructure-level resilience mechanisms. The root cause is a lack of proper exception handling (CWE-248: Uncaught Exception) within the SDK's server-side code, which fails to gracefully handle client-triggered errors during active HTTP streaming. The impact depends on deployment specifics and the presence of failover or auto-restart capabilities. The issue was addressed and patched in version 1.10.0 of the SDK. The CVSS 4.0 base score is 8.7 (high), reflecting that the vulnerability is remotely exploitable without authentication or user interaction, has low attack complexity, and results in a high impact on availability (server crash). No known exploits are currently reported in the wild, but the potential for denial of service attacks is significant given the ease of exploitation and the critical nature of the service disruption.
Potential Impact
For European organizations utilizing the MCP Python SDK in their infrastructure, this vulnerability poses a significant risk of service disruption. Organizations relying on real-time or streaming data services implemented with this SDK could experience unexpected server crashes, leading to downtime and potential loss of business continuity. Critical sectors such as finance, telecommunications, and healthcare that depend on continuous data streams may face operational interruptions. Additionally, repeated exploitation attempts could degrade trust in service reliability and increase operational costs due to emergency incident response and recovery efforts. The impact is exacerbated in environments lacking robust infrastructure resilience, such as automatic failover or container orchestration with self-healing capabilities. Furthermore, the vulnerability does not compromise confidentiality or integrity directly but severely affects availability, which in many European regulatory frameworks (e.g., GDPR) is a key component of service reliability and data protection obligations.
Mitigation Recommendations
European organizations should immediately audit their use of the MCP Python SDK and upgrade all instances to version 1.10.0 or later, where the vulnerability is patched. In addition to upgrading, organizations should implement the following specific mitigations: 1) Deploy robust exception handling and monitoring around MCP SDK usage to detect abnormal client behavior that could trigger exceptions. 2) Utilize infrastructure-level resilience such as container orchestration platforms (e.g., Kubernetes) with automatic pod restarts and health checks to minimize downtime from crashes. 3) Implement rate limiting and anomaly detection on client connections to prevent deliberate triggering of exceptions at scale. 4) Conduct penetration testing and fuzz testing on streaming endpoints to identify any residual or related stability issues. 5) Maintain comprehensive logging and alerting to rapidly identify and respond to service crashes. 6) Where feasible, isolate MCP SDK services behind reverse proxies or API gateways that can filter malformed or suspicious requests. These measures go beyond generic advice by focusing on operational resilience and proactive detection tailored to the nature of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
CVE-2025-53365: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk
Description
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
AI-Powered Analysis
Technical Analysis
CVE-2025-53365 is a high-severity vulnerability affecting the MCP Python SDK (modelcontextprotocol python-sdk) versions prior to 1.10.0. The MCP Python SDK implements the Model Context Protocol, facilitating streamable HTTP sessions. The vulnerability arises when a client deliberately triggers an exception after establishing such a session, leading to an uncaught ClosedResourceError on the server side. This uncaught exception causes the server process to crash, resulting in a denial of service (DoS) condition until the server is manually restarted or recovers via infrastructure-level resilience mechanisms. The root cause is a lack of proper exception handling (CWE-248: Uncaught Exception) within the SDK's server-side code, which fails to gracefully handle client-triggered errors during active HTTP streaming. The impact depends on deployment specifics and the presence of failover or auto-restart capabilities. The issue was addressed and patched in version 1.10.0 of the SDK. The CVSS 4.0 base score is 8.7 (high), reflecting that the vulnerability is remotely exploitable without authentication or user interaction, has low attack complexity, and results in a high impact on availability (server crash). No known exploits are currently reported in the wild, but the potential for denial of service attacks is significant given the ease of exploitation and the critical nature of the service disruption.
Potential Impact
For European organizations utilizing the MCP Python SDK in their infrastructure, this vulnerability poses a significant risk of service disruption. Organizations relying on real-time or streaming data services implemented with this SDK could experience unexpected server crashes, leading to downtime and potential loss of business continuity. Critical sectors such as finance, telecommunications, and healthcare that depend on continuous data streams may face operational interruptions. Additionally, repeated exploitation attempts could degrade trust in service reliability and increase operational costs due to emergency incident response and recovery efforts. The impact is exacerbated in environments lacking robust infrastructure resilience, such as automatic failover or container orchestration with self-healing capabilities. Furthermore, the vulnerability does not compromise confidentiality or integrity directly but severely affects availability, which in many European regulatory frameworks (e.g., GDPR) is a key component of service reliability and data protection obligations.
Mitigation Recommendations
European organizations should immediately audit their use of the MCP Python SDK and upgrade all instances to version 1.10.0 or later, where the vulnerability is patched. In addition to upgrading, organizations should implement the following specific mitigations: 1) Deploy robust exception handling and monitoring around MCP SDK usage to detect abnormal client behavior that could trigger exceptions. 2) Utilize infrastructure-level resilience such as container orchestration platforms (e.g., Kubernetes) with automatic pod restarts and health checks to minimize downtime from crashes. 3) Implement rate limiting and anomaly detection on client connections to prevent deliberate triggering of exceptions at scale. 4) Conduct penetration testing and fuzz testing on streaming endpoints to identify any residual or related stability issues. 5) Maintain comprehensive logging and alerting to rapidly identify and respond to service crashes. 6) Where feasible, isolate MCP SDK services behind reverse proxies or API gateways that can filter malformed or suspicious requests. These measures go beyond generic advice by focusing on operational resilience and proactive detection tailored to the nature of this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-06-27T12:57:16.121Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6868549c6f40f0eb72a3d4e5
Added to database: 7/4/2025, 10:24:28 PM
Last enriched: 7/4/2025, 10:39:47 PM
Last updated: 7/4/2025, 10:39:47 PM
Views: 2
Related Threats
CVE-2025-53604: CWE-130 Improper Handling of Length Parameter Inconsistency in pimeys web-push
MediumCVE-2025-53603: CWE-476 NULL Pointer Dereference in Alinto SOPE
HighCVE-2025-43711: CWE-459 Incomplete Cleanup in Tunnelblick Project Tunnelblick
HighCVE-2025-26850: CWE-863 Incorrect Authorization in Quest KACE Systems Management Appliance
CriticalCVE-2025-53366: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.