Reliance on Reverse DNS Resolution for a Security-Critical Action

CVE-2025-59163

Low

2.1/10

Summary

Vet is an open source software supply chain security tool. In github.com/safedep/vet versions prior to 1.12.5 are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool.

Attack Complexity: HIGH
Attack Vector: NETWORK
User Interaction: ACTIVE
Privileges Required: NONE

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Sep 29, 2025

Reliance on Reverse DNS Resolution for a Security-Critical Action

CVE-2025-59163

Summary

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS