Unauthorized Control Vulnerability in Litmus Automation MCP Service
CVE-2025-56405

7.5HIGH

Key Information:

Vendor: Litmus Automation
Status: litmus-mcp-server
Vendor: CVE Published:; 10 September 2025

🔔 Create Litmus Automation Vulnerability Alert

What is CVE-2025-56405?

A security flaw has been identified in Litmus Automation’s MCP Service that enables unauthorized attackers to manipulate the server via the SSE protocol. This vulnerability poses significant risks to system integrity, allowing attackers to gain control over the MCP functionalities without proper authentication. It is imperative for users of litmus-mcp-server to implement immediate protections against potential exploitation.

References

https://github.com/litmusautomation/litmus-mcp-server/iss...

https://github.com/August829/CVEP/issues/3

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Aug 16, 2025