CVE-2025-47274

Description

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).

Weakness Type (CWE)

CWE-311 CWE-311

References

Other References

https://github.com/stacklok/toolhive/commit/e8efa1b1d7b0776a39339257d30bf6c4a171f2b8 https://github.com/stacklok/toolhive/releases/tag/v0.0.33 https://github.com/stacklok/toolhive/security/advisories/GHSA-xj5p-w2v5-fjm6

Frequently Asked Questions

What is CVE-2025-47274? +

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).

How do I check if I'm vulnerable to CVE-2025-47274? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-7396

Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.

CVE-2024-38283

Sensitive customer information is stored in the device without encryption.

CVE-2025-1243

The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy …

CVE-2025-40680

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT …

CVE-2025-36751

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to …

CVE-2023-6339 10.0

Google Nest WiFi Pro root code-execution & user-data compromise