Artificial intelligence agents could have their Model Context Protocol sessions hijacked in attacks involving an Oat++ MCP implementation bug, tracked as CVE-2025-6515, The Register reports. Threat actors with relevant HTTP server access could exploit the vulnerability, which stems from how the oatpp-mcp's MCP SSE endpoint returns an instance pointer similar to the session ID, to facilitate accelerated session creation and destruction for the subsequent reassigning of IDs to legitimate client sessions, according to JFrog researchers. Breached IDs could then be harnessed for tool requests and command injections.

As AI models become increasingly embedded in workflows via protocols like MCP, they inherit new risks this session-level exploit shows how the model itself remains untouched while the ecosystem around it is compromised. Researchers recommend the usage of cryptographically secure random number generators in servers, as well as robust session separation and expiry mechanisms in transport channels, to mitigate such intrusions.