Threats Tagged 'cve-2025-66416'
View all threats tagged with 'cve-2025-66416'. Filter and sort to focus on specific types of threats.

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update
CVE-2025-15284
Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2.6 container release update addressing multiple vulnerabilities. The platform is an enterprise framework for IT automation that allows teams to share and manage automation content. The advisory references eight CVEs including CVE-2025-15284 and others, indicating a high severity level. No specific technical details about the vulnerabilities or exploits in the wild are provided. The update is available and users are advised to apply it after ensuring all previous errata are installed.
GCVE Database | 01/29/2026, 18:40:37 UTC | Added: 05/26/2026, 20:58:18 UTC

Red Hat Security Advisory: RHOAI 3.3 - Red Hat OpenShift AI
CVE-2024-25621
Red Hat OpenShift AI 3.3 has a critical security advisory (RHSA-2026:3713) addressing multiple vulnerabilities including CVE-2024-25621 and 45 additional CVEs. The advisory announces updated images for Red Hat OpenShift AI 3.3 but does not specify individual vulnerability details or fixes. No explicit patch links or direct fixes are provided in the advisory content. Users are directed to Red Hat documentation for upgrade instructions to apply the errata update. The advisory covers a broad range of CWEs indicating diverse vulnerability types. There are no known exploits in the wild reported at this time.
GCVE Database | 03/04/2026, 07:18:30 UTC | Added: 05/26/2026, 20:58:12 UTC

CVE-2025-66416: CWE-1188: Insecure Default Initialization of Resource in modelcontextprotocol python-sdk
CVE-2025-66416
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, the Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0.
CVE Database V5 | 12/02/2025, 18:14:28 UTC | Added: 12/02/2025, 19:05:46 UTC