A security vulnerability in the Oat++ framework's implementation of Anthropic's Model Context Protocol (MCP) has been identified that allows attackers to hijack active AI sessions. The flaw (CVE-2025-6515) lets an attacker predict or capture session IDs and then inject malicious responses into ongoing conversations through the oatpp-mcp server. It stems from the reuse of session IDs, in particular when the MCP server uses the Server-Sent Events (SSE) transport, where session IDs are not generated uniquely or securely. An attacker can exploit this by rapidly creating and destroying sessions, logging the IDs that are issued, and injecting malicious commands into requests that carry a reused ID. The issue underlines the importance of cryptographically secure session ID generation and robust session management. To mitigate the risk, developers are urged to avoid simple sequential IDs and to enforce strong transport security. Addressing such weaknesses is crucial for securing AI interactions in web applications.
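To make the mitigation concrete, here is an added C++ example (not oatpp-mcp's code, and not taken from the advisory) contrasting the weak pattern the summary warns against, a sequential counter, with a hardened generator: 128 random bits per session, hex-encoded, tracked in a registry of live IDs so that an ID in use is never issued twice and a request naming an unknown ID is rejected. The class names and the `std::random_device` entropy source are assumptions of this example; `std::random_device` is taken here to be backed by the operating system's CSPRNG, which holds for glibc, libc++ and MSVC but should be confirmed for the toolchain in use.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <mutex>
#include <random>
#include <stdexcept>
#include <string>
#include <unordered_set>

// Illustrative only: hypothetical session-ID handling for an SSE-style server.
// This is NOT oatpp-mcp's code.

// The weak pattern: a monotonically increasing counter. Each ID reveals the
// next one, and the same values come back after a restart, so IDs get reused.
class SequentialSessionIds {
public:
    std::string next() { return std::to_string(counter_++); }
private:
    std::uint64_t counter_ = 1;
};

// The hardened pattern: 128 random bits per session from std::random_device
// (assumed to be backed by the OS CSPRNG; verify this for your toolchain),
// hex-encoded, plus a registry of live IDs so an ID in use is never handed
// out twice and IDs the server never issued are rejected.
class SecureSessionIds {
public:
    static constexpr std::size_t kIdBytes = 16;           // 128 bits of entropy
    static constexpr std::size_t kIdChars = kIdBytes * 2; // length as hex

    // Allocate a fresh ID and mark it live.
    std::string create() {
        std::lock_guard<std::mutex> lock(mu_);
        for (int attempt = 0; attempt < 8; ++attempt) {
            std::string id = randomHex(kIdBytes);
            if (live_.insert(id).second) return id; // unique among live IDs
        }
        throw std::runtime_error("could not allocate a unique session id");
    }

    // A request may only be attached to a session the server actually issued.
    bool isLive(const std::string& id) const {
        std::lock_guard<std::mutex> lock(mu_);
        return live_.count(id) != 0;
    }

    void destroy(const std::string& id) {
        std::lock_guard<std::mutex> lock(mu_);
        live_.erase(id);
    }

    // Cheap shape check before the registry lookup: exactly kIdChars lowercase hex.
    static bool validSyntax(const std::string& id) {
        if (id.size() != kIdChars) return false;
        for (char c : id) {
            bool hex = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f');
            if (!hex) return false;
        }
        return true;
    }

    // nbytes of CSPRNG output, lowercase hex-encoded.
    static std::string randomHex(std::size_t nbytes) {
        static const char* kDigits = "0123456789abcdef";
        std::random_device rd;
        std::string out;
        out.reserve(nbytes * 2);
        while (out.size() < nbytes * 2) {
            std::uint32_t word = rd(); // 32 bits per call
            for (int i = 0; i < 4 && out.size() < nbytes * 2; ++i) {
                unsigned byte = (word >> (8 * i)) & 0xFFu;
                out.push_back(kDigits[byte >> 4]);
                out.push_back(kDigits[byte & 0xFu]);
            }
        }
        return out;
    }

private:
    mutable std::mutex mu_;
    std::unordered_set<std::string> live_;
};

int main() {
    SequentialSessionIds weak;
    std::string w1 = weak.next();
    std::string w2 = weak.next();
    std::cout << "sequential: " << w1 << ", " << w2 << '\n';

    SecureSessionIds ids;
    std::string a = ids.create();
    std::cout << "secure:     " << a << '\n';
    std::cout << "live? " << ids.isLive(a) << "  unknown id live? " << ids.isLive("1") << '\n';
    ids.destroy(a);
    std::cout << "after destroy live? " << ids.isLive(a) << '\n';
    return 0;
}
```

The registry is what closes the reuse hole the summary describes: an ID is accepted only while it is in `live_`, so an ID logged from a destroyed session is worthless, and a fresh 128-bit value cannot be guessed from the previous one. Per-request validation on the server side should call `validSyntax` and then `isLive` before attaching any SSE response to the session.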