CNNVD-202510-3770 Information

CNNVD ID

CNNVD-202510-3770

Related CVE

CVE-2025-62801

• CNNVD Published: 2025-10-28

Description (Chinese)

FastMCP是Jeremiah Lowin个人开发者的一个MCP服务器构建软件。 FastMCP 2.13.0之前版本存在操作系统命令注入漏洞，该漏洞源于server_name字段容易受到命令注入攻击，可能导致在Windows主机上执行任意OS命令。

Description (English)

FastMCP is an MCP server builder for Jeremiah Lowin, a personal developer. The previous version of FastMCP 2.1.3.0 had an operational system command-injecting loophole, which arose from the vulnerability of the server name field to command-injection, which could lead to the execution of arbitrary OS orders on the Windows mainframe.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2025-10-28

Last Modified

2026-02-24

References

https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5 https://access.redhat.com/security/cve/cve-2025-62801

Patch

https://github.com/jlowin/fastmcp/releases