CNNVD-202507-1307 Information

CNNVD ID

CNNVD-202507-1307

Related CVE

CVE-2025-6514

• CNNVD Published: 2025-07-09

Description (Chinese)

mcp-remote是Glen Maddern个人开发者的一个MCP链接软件。 mcp-remote存在操作系统命令注入漏洞，该漏洞源于连接不受信任MCP服务器时存在OS命令注入。

Description (English)

mcp-remote is an MCP link software for Glen Maddern personal developers. mcp-remote has an operating system command-injection loophole, which arises from the presence of an OS command-injection when connected to an untrusted MCP server.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

Live Support

Published

2025-07-09

Last Modified

2026-02-24

References

https://github.com/geelen/mcp-remote/commit/607b226a356cb61a239ffaba2fb3db1c9dea4bac https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability https://research.jfrog.com/vulnerabilities/mcp-remote-command-injection-rce-jfsa-2025-001290844/

Patch

https://github.com/geelen/mcp-remote/tags