AI/ML

AI agent takeovers likely with Oat++ MCP vulnerability

(Adobe Stock)

Artificial intelligence agents could have their Model Context Protocol sessions hijacked in attacks involving an Oat++ MCP implementation bug, tracked as CVE-2025-6515, The Register reports.

Threat actors with relevant HTTP server access could exploit the vulnerability, which stems from how the oatpp-mcp's MCP SSE endpoint returns an instance pointer similar to the session ID, to facilitate accelerated session creation and destruction for the subsequent reassigning of IDs to legitimate client sessions, according to JFrog researchers. Breached IDs could then be harnessed for tool requests and command injections.

"As AI models become increasingly embedded in workflows via protocols like MCP, they inherit new risks this session-level exploit shows how the model itself remains untouched while the ecosystem around it is compromised," said researchers, who recommended the usage of cryptographically secure random number generators in servers, as well as robust session separation and expiry mechanisms in transport channels, to mitigate such intrusions.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds