216.73.217.64

CVE-2025-62801

· Published 28/10/2025 22:15 · Modified 28/10/2025 22:15

Labels: CVE-2025-62801 2025-10-28CVE-2025-62801CWE-78[email protected]

Essential information

Published
28/10/2025 22:15
Modified
28/10/2025 22:15
Author
Creator
CVSS
5.4 MEDIUM (v3) 5.4 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fastmcp / fastmcp cpe:2.3:a:fastmcp:fastmcp:<2.13.0:*:*:*:*:*:*:*

References