CVE-2025-59163: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action in safedep vet
vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool. This issue is fixed in version 1.12.5.
AI Analysis
Technical Summary
CVE-2025-59163 affects safedep 'vet', an open source software supply chain security scanner, in versions 1.12.4 and earlier. When vet runs as an MCP server in Server-Sent Events (SSE) mode, its HTTP listener does not validate the Host or Origin headers of incoming requests; the advisory classifies the weakness as CWE-350 (reliance on DNS resolution for a security-critical action). Without those checks the server cannot distinguish a request issued by a page served from the local host from one issued by a page the user loaded from an attacker-controlled domain. A DNS rebinding attack exploits exactly that gap: the attacker lures the user to a page on a domain they control, then re-points that domain's DNS record at 127.0.0.1 with a short TTL. The browser's same-origin policy now treats the loopback address as the same origin as the attacker's page, so script on that page can reach the SSE MCP endpoint on the default port and invoke the sqlite3 query MCP tool against the vet scan database, exposing its contents to the attacker. The attack requires user interaction (the victim must visit the attacker's page while vet's MCP server is listening) and has high complexity (the DNS rebind must be timed and the MCP-over-SSE protocol driven from the browser). It affects confidentiality only; integrity and availability are not impacted. Version 1.12.5 fixes the issue by validating the Host and Origin headers and rejecting requests whose headers do not name the expected local host, which is the standard defence against rebinding. No public exploits are known, and the CVSS 4.0 base score is 2.1 (low), reflecting the limited exploitability and impact scope.
Potential Impact
For European organizations relying on safedep vet for software supply chain security, this vulnerability could lead to unauthorized disclosure of scan data stored in the sqlite3 database. That data may include the inventory of software components, their known vulnerabilities, and hints about internal repositories and infrastructure, which could help an attacker prioritise follow-on attacks or amount to intellectual property disclosure. The impact is on confidentiality only; integrity and availability are unaffected. Any host running vet as an MCP server in SSE mode on the default port is exposed, and because the requests are issued by the victim's own browser, binding the listener to the loopback interface does not by itself prevent the attack; the precondition is simply that a user of that host visits an attacker-controlled page while the server is listening. The low CVSS score and high attack complexity limit the immediate risk, but disclosure of supply chain security data can have downstream effects on trust and compliance, particularly under European data protection regulations. No exploits are publicly known, so active exploitation is unlikely, but patching remains the correct response.
Mitigation Recommendations
European organizations should upgrade every instance of safedep vet to version 1.12.5 or later. Until that is done, avoid running vet's MCP server in SSE mode on a workstation where a browser is also in use; if SSE mode is required, start it only for the duration of the session, bind it to the loopback interface, and keep in mind that loopback binding alone does not stop rebinding because the requests come from the local browser. Keep the listener off untrusted networks with firewall rules on the default port and segment the host from external exposure. Where a reverse proxy fronts the server, have the proxy reject requests whose Host header is not the expected local name or whose Origin header, when present, is not a local origin, and apply the same check in any custom integration that exposes vet over HTTP. Configure internal recursive resolvers to drop answers that map public hostnames to loopback or private addresses (the DNS rebinding protection offered by many resolvers), and watch resolver logs for external names that resolve to 127.0.0.1 or ::1, which is the signature of a rebinding attempt. Educate users that visiting an untrusted page while local developer tools are listening can expose those tools. Finally, audit supply chain security tooling and its configuration regularly so that network-exposed features follow secure defaults.
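The Host and Origin validation that the fix and the proxy advice above both describe, as an added example in Go (vet's own implementation language). This is illustrative code written for this page, not code from the vet project: a small middleware that rejects requests whose Host header does not name a loopback host, and whose Origin header, when a browser sends one, is not a loopback origin. The port 9988, the /sse path, the loopbackNames allowlist and the function names are assumptions for the example, not vet's real values; ProbeStatus drives the guard offline through httptest so the rebinding case can be checked without a live server.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// loopbackNames is the allowlist of hostnames a legitimate local client may use
// to reach a loopback-bound MCP/SSE server. Extend it if the server is
// deliberately exposed under another name. (Assumption for this example.)
var loopbackNames = map[string]bool{
	"localhost": true,
	"127.0.0.1": true,
	"::1":       true,
}

// hostnameOf returns the lowercase hostname from a Host header value, with any
// port and IPv6 brackets removed, or "" for an empty value.
func hostnameOf(hostport string) string {
	if hostport == "" {
		return ""
	}
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		return strings.ToLower(h)
	}
	// No port present: SplitHostPort refuses, so strip IPv6 brackets by hand.
	return strings.ToLower(strings.TrimSuffix(strings.TrimPrefix(hostport, "["), "]"))
}

// HostAllowed is the check that defeats DNS rebinding. A browser that reached
// the server through attacker.example (rebound to 127.0.0.1) still sends
// Host: attacker.example, which is not in the allowlist.
func HostAllowed(host string) bool {
	return loopbackNames[hostnameOf(host)]
}

// OriginAllowed accepts a missing Origin (non-browser MCP clients do not send
// one; the Host check still covers them) and otherwise requires an http(s)
// origin whose hostname is in the allowlist. The opaque "null" origin has no
// scheme, so it is rejected along with any non-http scheme.
func OriginAllowed(origin string) bool {
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false
	}
	return loopbackNames[strings.ToLower(u.Hostname())]
}

// RebindingGuard wraps an http.Handler (for example the SSE endpoint) and
// answers 403 before the handler runs when either header fails validation.
func RebindingGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !HostAllowed(r.Host) || !OriginAllowed(r.Header.Get("Origin")) {
			http.Error(w, "forbidden: Host or Origin is not a local origin", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// ProbeStatus sends one request through the guard with the given Host and
// Origin values and returns the status code. It uses httptest, so nothing
// listens on the network; port 9988 and /sse are placeholders, not vet's.
func ProbeStatus(host, origin string) int {
	guarded := RebindingGuard(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1:9988/sse", nil)
	req.Host = host
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	guarded.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cases := [][2]string{
		{"localhost:9988", ""},                        // local MCP client, no Origin
		{"localhost:9988", "http://localhost:9988"},   // page served by the local host
		{"attacker.example:9988", ""},                 // rebound DNS name shows up in Host
		{"localhost:9988", "http://attacker.example"}, // Host spoofed, Origin betrays the page
	}
	for _, c := range cases {
		fmt.Printf("Host=%-24q Origin=%-26q -> %d\n", c[0], c[1], ProbeStatus(c[0], c[1]))
	}
}
```

The Host check is the one that matters for rebinding, because a rebound request carries the attacker's hostname in Host regardless of which IP the browser connected to; the Origin check is a second layer for browser-issued cross-origin requests and deliberately tolerates its absence so that ordinary MCP clients keep working.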
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-09T15:23:16.328Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68db1fa7a473ffe031e278bb
Added to database: 9/30/2025, 12:09:11 AM
Last enriched: 10/7/2025, 12:48:07 AM
Last updated: 1/7/2026, 4:22:37 AM