A security flaw in the Oat++ implementation of Anthropic's Model Context Protocol (MCP) allows attackers to predict or capture session IDs from active AI conversations, hijack MCP sessions, and inject malicious responses via the oatpp-mcp server.

Oat++ is an open source, C++ web framework for building web applications, and MCP is the Anthropic-developed standard for connecting AI agents with data sources. oatpp-mcp is the Oat++ framework's MCP integration that allows developers to expose application endpoints as MCP-compatible interfaces.

The vulnerability, tracked as CVE-2025-6515, can be exploited to hijack MCP session IDs.

These IDs determine where the MCP server sends its responses. To secure each session, the protocol requires session IDs to be globally unique and randomly generat
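The two properties named above, global uniqueness and unpredictability, are what a session ID generator has to deliver and what a server should be able to check for itself. The following is an added C++ example written for this page; it is not code from the article or from the oatpp-mcp project, and it makes no claim about how oatpp-mcp actually derived its IDs. It contrasts a generic predictable pattern (a sequential counter, shown only as an anti-pattern) with a generator that draws 256 bits from the operating system's CSPRNG, adds the server-side format check a defender would put in front of the session lookup, and a startup self-test for collisions. It assumes a POSIX system where `/dev/urandom` is available.

```cpp
#include <array>
#include <cstdint>
#include <fstream>
#include <stdexcept>
#include <string>
#include <unordered_set>

// Random bytes per session ID: 256 bits of entropy, far beyond anything an
// observer could enumerate or predict from IDs it has already seen.
constexpr std::size_t kSessionIdBytes = 32;

// Illustrative anti-pattern (a generic example, NOT a description of the
// oatpp-mcp bug): an ID derived from a monotonically increasing counter.
// Anyone who has seen one ID can guess its neighbours, which is exactly the
// property a session-hijacking attacker needs.
std::string weakSequentialId() {
    static std::uint64_t counter = 0;
    return "session-" + std::to_string(++counter);
}

// Hardened generator: reads bytes from the OS CSPRNG (/dev/urandom on POSIX,
// an assumption of this example) and hex-encodes them, yielding a
// 64-character ID that is unpredictable and, with overwhelming probability,
// globally unique. Hex output is also plain visible ASCII, so it is safe to
// carry in an HTTP header.
std::string generateSessionId() {
    std::array<unsigned char, kSessionIdBytes> buf{};
    std::ifstream urandom("/dev/urandom", std::ios::in | std::ios::binary);
    if (!urandom) throw std::runtime_error("cannot open /dev/urandom");
    urandom.read(reinterpret_cast<char*>(buf.data()), buf.size());
    if (urandom.gcount() != static_cast<std::streamsize>(buf.size()))
        throw std::runtime_error("short read from /dev/urandom");
    static const char kHex[] = "0123456789abcdef";
    std::string id;
    id.reserve(kSessionIdBytes * 2);
    for (unsigned char b : buf) {
        id.push_back(kHex[b >> 4]);
        id.push_back(kHex[b & 0x0f]);
    }
    return id;
}

// Server-side validation of an ID arriving in a request: exact length and
// lowercase-hex charset. Rejecting malformed values before the session-table
// lookup means junk never becomes a routing key for responses.
bool isWellFormedSessionId(const std::string& id) {
    if (id.size() != kSessionIdBytes * 2) return false;
    for (char c : id) {
        bool hex = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f');
        if (!hex) return false;
    }
    return true;
}

// Self-test a defender can run at startup or in CI: generate n IDs and confirm
// none collide. A genuine collision of 256-bit IDs is effectively impossible,
// so any duplicate indicates a broken entropy source.
bool noCollisions(std::size_t n) {
    std::unordered_set<std::string> seen;
    for (std::size_t i = 0; i < n; ++i) {
        if (!seen.insert(generateSessionId()).second) return false;
    }
    return seen.size() == n;
}
```

The format check deliberately accepts only the shape this generator emits; a server that also accepts IDs minted elsewhere (for example UUIDs) would widen the charset and length rules accordingly rather than skip the check.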