CNNVD-202508-2342 Information

CNNVD ID

CNNVD-202508-2342

Related CVE

CVE-2025-9262

• CNNVD Published: 2025-08-20

Description (Chinese)

mcp-cli是wong2个人开发者的一个模型上下文协议检查器。 mcp-cli 1.13.0版本存在安全漏洞，该漏洞源于对文件/src/oauth/provider.js中函数redirectToAuthorization的错误操作导致os命令注入。

Description (English)

mcp-cli is a model context protocol checker for wong2 individual developers. mcp-cli 1.13.0 has a security loophole, which results from an error in the function redirectToAuthorization in file/src/oauth/provider.js, resulting in an Os command injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-20

Last Modified

2026-02-24

References

https://gist.github.com/superboy-zjc/a01bd059c4078249d899f8c70c8feb0e#proof-of-concept https://vuldb.com/?submit.631697 https://vuldb.com/?id.320804 https://vuldb.com/?ctiid.320804 https://nvd.nist.gov/vuln/detail/CVE-2025-9262