MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-62801

🔴 HIGH

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute...

Published
Oct 28, 2025
Last Modified
Nov 04, 2025
Views
0
Bookmarks
0

Description

Request Expert Review

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.

Affected Products (1)

jlowin - fastmcp

Version: *

CVSS Scores

CVSS 3.1 7.8
7.8
HIGH
CVSS 2.0 7.8

References

github.com github.com

Additional Information

Source
security-advisories@github.com
State
Analyzed

Related CVEs

CVE-2025-4522

MEDIUM

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin...

Score: 6.5

CVE-2025-4519

HIGH

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capabili...

Score: 8.8

CVE-2025-12352

CRITICAL

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function i...

Score: 9.8

CVE-2025-64323

MEDIUM

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any cl...

Score: 5.3

CVE-2025-64184

HIGH

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from dif...

Score: 8.8

CVE-2025-64180

CRITICAL

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorize...

Score: 10.0

Share CVE-2025-62801

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-62801 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis