JFrog Security Research has identified and disclosed several vulnerabilities in oatpp-mcp, a framework implementing Anthropic’s Model Context Protocol (MCP). The most notable is CVE-2025-6515, because of its potential for session ID hijacking. This vulnerability, termed "Prompt Hijacking," allows attackers to manipulate AI behavior by exploiting session-level protocol mechanics without altering the model itself. MCP, developed by Anthropic in 2024, provides AI models with real-time context, bridging the gap between training data and current environments. The protocol's architecture includes components such as MCP Hosts, Clients, Servers, and various data sources, which communicate through JSON-RPC over multiple transport methods, including the recently deprecated SSE. The flaw arises because Oat++'s MCP implementation uses memory pointers as session IDs, leading to predictable and non-secure session IDs that attackers can exploit to inject malicious prompts. The impact of these attacks depends on how MCP clients process incoming data, and attackers can potentially bypass traditional defenses. The recommended mitigations are to generate session IDs with a cryptographically secure random generator and to apply robust event validation and session management practices.
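
The weak and hardened session ID schemes described above, side by side, as an added example (not code from oatpp-mcp or from JFrog). `Session`, `pointerSessionId`, `randomSessionId` and `isWellFormedSessionId` are hypothetical names, and reading `/dev/urandom` assumes a Unix-like host.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a per-connection session object.
struct Session { int unused; };

// Weak pattern described above: the ID is the object's heap address.
// Allocators reuse freed addresses, so these values are predictable.
std::string pointerSessionId(const Session* s) {
    return std::to_string(reinterpret_cast<std::uintptr_t>(s));
}

// Hardened form: 128 bits from the OS CSPRNG, hex-encoded (32 characters).
std::string randomSessionId() {
    unsigned char buf[16];
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(buf), sizeof buf))
        throw std::runtime_error("CSPRNG unavailable; refusing to issue an ID");
    static const char hex[] = "0123456789abcdef";
    std::string id;
    id.reserve(32);
    for (unsigned char b : buf) {
        id.push_back(hex[b >> 4]);
        id.push_back(hex[b & 0x0f]);
    }
    return id;
}

// Server-side check before any session lookup: reject IDs that are not
// exactly 32 lowercase hex characters.
bool isWellFormedSessionId(const std::string& id) {
    if (id.size() != 32) return false;
    for (char c : id)
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) return false;
    return true;
}

int main() {
    Session* s = new Session{};
    std::printf("pointer-derived: %s\n", pointerSessionId(s).c_str());
    std::printf("CSPRNG-derived:  %s\n", randomSessionId().c_str());
    delete s;
    return 0;
}
```

The generator fails closed: if the CSPRNG cannot be read, no ID is issued rather than falling back to a weaker source.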