CVE-2025-62801 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence…
Medium CVSS: 5.4

CVE-2025-62801

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.
Vendor
Jlowin
Product
Fastmcp
CWE
CWE-78
Yayın Tarihi
2025-10-28 22:15:37
Güncelleme
2025-11-04 13:24:32
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 Fastmcp MEDIUM Jlowin 2025

Referanslar

https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5 https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5