CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp – the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique “Prompt Hijacking”.

Introducing JFrog’s MCP Server: Better vibes and easier AI automation

Good news! You no longer have to be a DevOps or JFrog expert to harness the power of the JFrog Software Supply Chain Platform. With the introduction of JFrog’s MCP Server, we’re making the JFrog Platform accessible to your favorite large language models (LLMs). Now, every developer can take advantage of the detailed security and …

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted …