CVE-2025-65513

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

09/12/2025

Last modified:

09/12/2025

Description

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

Impact

References to Advisories, Solutions, and Tools

https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-65513.md
https://thorn-pheasant-6d8.notion.site/fetch-mcp-2853daf7b44180029ca5d56e03195736