CNNVD-202512-2524 Information

CNNVD ID

CNNVD-202512-2524

CVE-2025-14542

  • CNNVD Published: 2025-12-13

Description (Chinese)

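Universal Tool Calling Protocol is the official Python implementation library of UTCP, open-sourced by Universal Tool Calling Protocol. Universal Tool Calling Protocol contains a security vulnerability: when the client fetches a tool's JSON specification from a remote Manual Endpoint, a malicious provider may alter the manual to exploit the client.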

Description (English)

Universal Tool Calling Protocol is the official UTCP Python implementation library from Universal Tool Calling Protocol. There is a security vulnerability in Universal Tool Calling Protocol, which stems from a malicious provider possibly changing the manual to exploit the client when the client fetches the JSON specification from the remote Manual Endpoint.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Universal Tool Calling Protocol

Published

2025-12-13

Last Modified

2026-02-24

References

https://research.jfrog.com/vulnerabilities/python-utcp-untrusted-manual-command-execution-jfsa-2025-001648329/

https://github.com/universal-tool-calling-protocol/python-utcp/commit/2dc9c02df72cad3770c934959325ec344b441444

https://access.redhat.com/security/cve/cve-2025-14542
