Back to search
CVE-2025-59163
Published: Sep 29, 2025
Modified: Sep 30, 2025
PUBLISHED
Description
vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool. This issue is fixed in version 1.12.5.
| Vendor | Product | Versions |
|---|---|---|
safedep | vet | affected < 1.12.5 |
Weaknesses (CWE)
References
https://github.com/safedep/vet/security/advisories/GHSA-6q9c-m9fr-865m
x_refsource_CONFIRM
https://github.com/safedep/vet/releases/tag/v1.12.5
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now