
JFSA-2025-001290844 - OS command injection in mcp-remote when connecting to untrusted MCP servers

CVE-2025-6514 | CVSS 9.6

JFrog Severity: critical

Discovered by Or Peles of the JFrog Security Research Team

Published 9 Jul, 2025 | Last updated 9 Jul, 2025


Affected package: mcp-remote

Vulnerable versions: [0.0.5, 0.1.15]

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers, because a crafted authorization_endpoint URL in the server's response is used without being checked.

The vulnerability can be triggered by a malicious MCP server that returns the following authorization_endpoint URL:

file:/c:/windows/system32/calc.exe
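The defensive counterpart to the trigger above, as an added example that is not mcp-remote's own code nor the referenced fix commit: an MCP client should treat the authorization_endpoint taken from an untrusted server's OAuth metadata as hostile input and accept only a parseable http/https URL with a host before handing it to any URL/browser opener. The metadata samples, field names beyond authorization_endpoint, and function names are constructed for the example.

```javascript
// Added example: allow-list validation of an OAuth authorization_endpoint
// received from an MCP server before it is passed to a URL opener.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateAuthorizationEndpoint(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser; throws on unparseable input
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  // Reject every non-web scheme (file:, javascript:, custom handlers, ...).
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `disallowed scheme ${url.protocol}` };
  }
  if (url.hostname === "") {
    return { ok: false, reason: "missing host" };
  }
  // Return the normalized form so callers never reuse the raw string.
  return { ok: true, url: url.href };
}

// Extracts and validates authorization_endpoint from server-supplied metadata JSON.
function pickAuthorizationEndpoint(metadataJson) {
  const metadata = JSON.parse(metadataJson);
  const raw = metadata.authorization_endpoint;
  if (typeof raw !== "string") {
    return { ok: false, reason: "missing authorization_endpoint" };
  }
  return validateAuthorizationEndpoint(raw);
}

// Constructed samples: a benign server and one replaying the advisory's trigger value.
const BENIGN_METADATA = JSON.stringify({
  issuer: "https://auth.example.test",
  authorization_endpoint: "https://auth.example.test/authorize",
});
const MALICIOUS_METADATA = JSON.stringify({
  issuer: "https://evil.example.test",
  authorization_endpoint: "file:/c:/windows/system32/calc.exe",
});
```

Logging the rejection reason alongside the server URL gives a usable detection signal for clients that connect to many servers.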

No mitigations are supplied for this issue.

Fix commit

JFrog Research Blog
