PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-9611 Microsoft CVE debrief

CVE-2025-9611 is a high-severity vulnerability in Microsoft Playwright MCP Server versions prior to 0.0.40. The vulnerability allows an attacker to perform a DNS rebinding attack via a victim's web browser, sending unauthorized requests to a locally running MCP server, and resulting in unintended invocation of MCP tool endpoints. This issue arises from the failure of Microsoft Playwright MCP Server to validate the Origin header on incoming connections. Organizations should prioritize patching this vulnerability to prevent potential DNS rebinding attacks.

Vendor
Microsoft
Product
Playwright
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-07
Original CVE updated
2026-07-14
Advisory published
2026-01-07
Advisory updated
2026-07-14

Who should care

Organizations using Microsoft Playwright MCP Server versions prior to 0.0.40 should prioritize patching this vulnerability to prevent potential DNS rebinding attacks. This is crucial for ensuring the security of their locally running MCP servers and preventing unauthorized actions.

Technical summary

The vulnerability exists due to the failure of Microsoft Playwright MCP Server to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack, sending unauthorized requests to a locally running MCP server, and resulting in unintended invocation of MCP tool endpoints. The CVSS score for this vulnerability is 7.2, indicating a high severity. Affected organizations should focus on patching the vulnerable versions of Microsoft Playwright MCP Server.

Defensive priority

High priority should be given to patching this vulnerability, as it can be exploited to perform unauthorized actions on a locally running MCP server.

Recommended defensive actions

  • Apply the patch for Microsoft Playwright MCP Server version 0.0.40 or later
  • Verify that the Origin header is validated for incoming connections
  • Monitor for suspicious activity on the MCP server
  • Implement compensating controls, such as network segmentation or access controls
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-01-07T12:17:06.697Z and last modified on 2026-07-14T23:17:29.093Z. The NVD entry is currently Deferred. This information is based on the provided source corpus. Further verification is recommended to ensure accuracy.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-07T12:17:06.697Z and has not been modified since then. The NVD entry is currently Deferred.