A vulnerability was identified in samanhappy MCPHub up to 0.9.10 affecting the handleSseConnection function in src/services/sseService.ts. This leads to improper authentication and can be exploited remotely. The vendor was contacted regarding this issue but did not respond.
CVE-2025-11287
🟠High
CVE-2025-11287: Vulnerability in samanhappy MCPHub
CVE-2025-11287 reveals a vulnerability in samanhappy MCPHub up to version 0.9.10, allowing improper authentication through sseService.ts. Exploits are public.
CVE ID
CVE-2025-11287
CVSS Score
7.3
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11287
- Severity
- High
- CVSS v3 Score
- 7.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners