CVE-2025-6514

OS command injection in mcp-remote when connecting to untrusted MCP servers

CVSS 9.6 CRITICALEPSS 76.6%CWE-78

Vexday Risk Score

70High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.6EPSS 76.6%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Lifecycle

09 Jul 2025Published on NVD

11 Jul 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

mcp-remote

public PoCs found — 2

githubgithub.com/Cyberency/CVE-2025-6514★ 7 githubgithub.com/ChaseHCS/CVE-2025-6514★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/geelen/mcp-remote/commit/607b226a356cb61a239ffaba2fb3db1c9dea4bac https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability https://research.jfrog.com/vulnerabilities/mcp-remote-command-injection-rce-jfsa-2025-001290844/