AVE-2025-0014 — MCP Tool Registration Poisoning

MCP Tool Registration Poisoning

🟠 HIGH tool proven AVE-2025-0014

· aka: Tool Description Attack, MCP Injection

Summary

MCP (Model Context Protocol) tool registries accept malicious tool definitions without verification. Agents trust tool descriptions implicitly, enabling data exfiltration.

Blast Radius

Full PII/secret exfiltration through tool call arguments.

Prerequisites

Agent uses MCP or dynamic tool registry.

Environment

Frameworks: LangGraph
Models tested: [Available in NAIL SDK]
Multi-agent: No
Tools required: Yes
Memory required: No

AVE-2025-0026
AVE-2025-0032
AVE-2025-0019

🛡️ NAIL Institute — AVE Database

MCP Tool Registration Poisoning

Summary

Blast Radius

Prerequisites

Environment

Related