High severity · OSV Advisory · Published Jul 4, 2025 · Updated Apr 15, 2026
CVE-2025-53365
Description
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions and the presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mcp (PyPI) | < 1.10.0 | 1.10.0 |
Affected products
- Range: v1.0.0, v1.4.0, v1.4.1, …
References
- github.com/advisories/GHSA-j975-95f5-7wqh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-53365 (ghsa, ADVISORY)
- github.com/modelcontextprotocol/python-sdk/commit/7b420656de48cfdb90b39eb582e60b6d55c2f891 (nvd, WEB)
- github.com/modelcontextprotocol/python-sdk/pull/967 (nvd, WEB)
- github.com/modelcontextprotocol/python-sdk/releases/tag/v1.10.0 (ghsa, WEB)
- github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-j975-95f5-7wqh (nvd, WEB)