CNNVD-202508-3285 Information
CNNVD ID
CNNVD-202508-3285
Related CVE
- CNNVD Published: 2025-08-28
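Description (translated from Chinese)
openmcp-client is a multifunctional vscode plugin by the individual developer Kirigaya Kazuto. Versions of openmcp-client before 0.1.12 contain an operating system command injection vulnerability, which stems from the fact that connecting to a malicious MCP server on the Windows platform may lead to OS command injection.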
Description (English)
openmcp-client is a multifunctional VS Code plugin by the individual developer Kirigaya Kazuto. Versions of openmcp-client before 0.1.12 contain an operating system command injection vulnerability: on the Windows platform, connecting to a malicious MCP server could result in OS command injection.
Hazard Level
Medium
Vulnerability Type
OS command injection
Affected Vendor
Individual developer
Published
2025-08-28
Last Modified
2026-02-24
References
https://github.com/LSTM-Kirigaya/openmcp-client/security/advisories/GHSA-43m4-p3rv-c4v8
https://github.com/LSTM-Kirigaya/openmcp-client/commit/9c3799d6ffae8d0cdfab25a53af75e1afc85f6c3
https://drive.google.com/file/d/1lSqFkc412aX6a_fjmNfzXsJKE7b8jPqD/view?usp=sharing
https://nvd.nist.gov/vuln/detail/CVE-2025-58062
Patch
https://github.com/LSTM-Kirigaya/openmcp-client/releases