CVE-2025-53365
published 2025-07-04CVE-2025-53365: The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately…
PriorityP347high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.35%
27.1th percentile
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modelcontextprotocol | python-sdk | < 1.10.0 | 1.10.0 |
CVSS provenance
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat8.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
ghsa·2025-07-04
CVE-2025-53365 [HIGH] CWE-248 MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures.
Thank you to Rich Harang for reporting this issue.
OSV
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
osv·2025-07-04
CVE-2025-53365 [HIGH] MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures.
Thank you to Rich Harang for reporting this issue.
Red Hat
mcp: MCP Server Crash via ClosedResourceError
vendor_redhat·2025-07-04·CVSS 8.7
CVE-2025-53365 [HIGH] CWE-248 mcp: MCP Server Crash via ClosedResourceError
mcp: MCP Server Crash via ClosedResourceError
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
A flaw was found in MCP. The `mcp` Python SDK exhibits an uncaught exception when a client intentionally triggers an error following the establishment of a streamable HTTP session. This condition allows a remote attacker to ca
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-04
Published