CVE-2025-62801
HIGH 7.8
Description
FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.
CVE details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 10/28/2025
Last modified: 11/4/2025
Source: nvd
Honeypot sightings: 0
Affected products
jlowin:fastmcp
Weaknesses (CWE)
CWE-78
References
https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5 (security-advisories@github.com)
https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.