Session Hijacking Vulnerability in Oatpp MCP Endpoint by Oatpp
CVE-2025-6515
6.8 MEDIUM
What is CVE-2025-6515?
The Oatpp MCP endpoint uses a session ID that is non-unique and cryptographically insecure. Attackers with network access can predict or guess session IDs and hijack the active sessions of legitimate clients. Having hijacked a session, an attacker can send malicious responses from the Oatpp MCP server, leading to unauthorized access and potential data breaches. Organizations using Oatpp MCP should implement security measures to mitigate these risks.
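
A defensive sketch of the two properties the description says the session ID lacks, uniqueness and unpredictability. This is an added example, not oatpp-mcp code: `SessionIdRegistry` and its methods are hypothetical names, and it assumes a POSIX host with `/dev/urandom`.

```cpp
#include <array>
#include <fstream>
#include <iostream>
#include <mutex>
#include <stdexcept>
#include <string>
#include <unordered_set>

// Hypothetical registry, not oatpp-mcp's API. Assumes a POSIX host with /dev/urandom.
class SessionIdRegistry {
public:
    // Issue a 128-bit ID from the kernel CSPRNG that no live session holds.
    std::string issue() {
        std::lock_guard<std::mutex> lock(mu_);
        for (int attempt = 0; attempt < 4; ++attempt) {
            std::string id = randomHex();
            if (live_.insert(id).second) return id;  // insert fails on a duplicate
        }
        throw std::runtime_error("could not allocate a unique session ID");
    }
    bool isLive(const std::string& id) {
        std::lock_guard<std::mutex> lock(mu_);
        return live_.count(id) != 0;
    }
    void revoke(const std::string& id) {
        std::lock_guard<std::mutex> lock(mu_);
        live_.erase(id);
    }
private:
    static std::string randomHex() {
        std::array<char, 16> buf{};
        std::ifstream rng("/dev/urandom", std::ios::binary);
        // Fail closed: never fall back to a weaker source such as rand() or a counter.
        if (!rng.read(buf.data(), buf.size())) throw std::runtime_error("CSPRNG unavailable");
        static const char hex[] = "0123456789abcdef";
        std::string out;
        for (char c : buf) {
            auto b = static_cast<unsigned char>(c);
            out += hex[b >> 4];
            out += hex[b & 0x0f];
        }
        return out;
    }
    std::mutex mu_;
    std::unordered_set<std::string> live_;
};

int main() {
    SessionIdRegistry reg;
    std::cout << reg.issue() << "\n";  // 32 hex characters, different on every run
}
```

Revoking an ID when its session closes keeps a stale value from being accepted later, and the duplicate check guarantees two live sessions never share an ID.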

Affected Version(s)
oatpp-mcp 0
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
