CVE-2025-6514

OS command injection in mcp-remote when connecting to untrusted MCP servers

CVSS 9.6 CRITICALEPSS 76.6%CWE-78

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

mcp-remote

public PoCs found — 2

githubgithub.com/Cyberency/CVE-2025-6514★ 7 githubgithub.com/ChaseHCS/CVE-2025-6514★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/geelen/mcp-remote/commit/607b226a356cb61a239ffaba2fb3db1c9dea4bac https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability https://research.jfrog.com/vulnerabilities/mcp-remote-command-injection-rce-jfsa-2025-001290844/