CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

Published Dec 10, 2025

https://github.com/advisories/GHSA-8fxj-2g9q-8fjw

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

Published Dec 10, 2025

https://github.com/advisories/GHSA-8fxj-2g9q-8fjw

CVSS ScoreHigh

7.5


npm	mcp-fetch-server	1.0.0
npm	mcp-fetch-server	1.0.1
npm	mcp-fetch-server	1.0.2

Ecosystem	Package	Version


npm	mcp-fetch-server	1.0.0
npm	mcp-fetch-server	1.0.1
npm	mcp-fetch-server	1.0.2

Find vulnerabilities. Fix fast with AI.

CVE-2025-65513

CVE-2025-65513