CVE-2025-9611 | THREATINT

Description

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.

PUBLISHED Reserved 2025-08-28 | Published 2026-01-07 | Updated 2026-01-07 | Assigner VulnCheck

HIGH: 7.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L

Problem types

CWE-749 Exposed Dangerous Method or Function

Product status

Default status

unaffected

Any version before 0.0.40

affected

Credits

Jonathan Leitschuh finder

References

github.com/...search/security/advisories/GHSA-8rgw-6xp9-2fg3 technical-description exploit

github.com/microsoft/playwright/commit/1313fbd patch

www.vulncheck.com/...ng-via-missing-origin-header-validation third-party-advisory

cve.org (CVE-2025-9611)

nvd.nist.gov (CVE-2025-9611)

Download JSON