Insecure Secrets Storage in ToolHive MCP Server Management by Stacklok
CVE-2025-47274

2.4 LOW

Key Information:

Vendor: Stacklok

Status
Vendor
CVE Published: 12 May 2025

What is CVE-2025-47274?

ToolHive, a utility for managing Model Context Protocol (MCP) servers, contains a vulnerability in which secrets are unintentionally written to run configuration files when MCP server containers are started. Versions before 0.0.33 are affected. An attacker with access to the user's home directory can read these secrets from the run configuration files without needing direct access to the secure secrets store. Only secrets used by containers that have a run configuration in existence at that time are exposed. Version 0.0.33 fixes the flaw; users are advised to stop any running MCP servers and delete existing configurations to mitigate the risk.

Affected Version(s)

toolhive < 0.0.33

CVSS V4

Score: 2.4
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
