Mendix has addressed this. I couldn't quite find which Mx version, but I think it is this Security Advisory. Upgrading to the mentioned versions should resolve the vulnerability.
The metamodel.json will still be accessible, but now no longer contains vulnerable/sensitive details about your domain model, entity names and microflow names. The metamodel.json needs to be accessible for Mendix to work properly (as you already found out).
So I guess upgrading to the correct Mendix version is the only solution (and explaining to the pentesters it is not a vulnerability).