- Description: mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
- Source: reefs@jfrog.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.6
- Impact score: 6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- reefs@jfrog.com
- CWE-78
- Hype score: Not currently trending
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/J3SHk7qywt
@_r_netsec
17 Jul 2025
1112 Impressions
2 Retweets
7 Likes
5 Bookmarks
1 Reply
0 Quotes
CVE-2025-6514: mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL https://t.co/cufgwXpzlw
@ZeroDayFacts
16 Jul 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL ALERT: mcp-remote Vuln Exposes LLM Clients to Remote Code Execution (CV
@RootsOdin
15 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Guess what? Like any tech, #MCP isn't immune to flaws. #CVE-2025-6514 affects NPM's mcp-remote MCP client library versions 0.5.0-0 through 0.1.15, allowing OS command injection via URL authentication when connecting to untrusted MCP servers – and yes, that means possible #RCE.
@CheckmarxZero
15 Jul 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6514 (CVSS:9.6, CRITICAL) is Awaiting Analysis. mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the aut..https://t.co/bHgpmcSVc7 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/5bkdCatYZH #appsec
@eyalestrin
12 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: #CVE-2025-6514 (CVSS 9.6, CRITICAL) — #mcp-remote vulnerable to OS command injection via crafted input from malicious "authorization_endpoint" response. More info at: https://t.co/muUgDyjev2 #Patch #Patch #Patch
@CCBalert
11 Jul 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads Critical vulnerabilities have been found in tools using Anthropic’s Model Context Protocol (MCP), posing major security risks. CVE-2025-6514 (CVSS 9.6) affects the "mcp-remote proxy",
@dCypherIO
11 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers have discovered a critical vulnerability in the open-source mcp-remote project that can lead to the execution of arbitrary operating system commands. This vulnerability, with the identifier CVE-2025-6514
@Teeegra
11 Jul 2025
565 Impressions
0 Retweets
13 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6514: Command Injection in mcp-remote Turns Client Connections into Attack Vectors https://t.co/OdHRVnQoMU
@_cvereports
11 Jul 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2025-6514: RCE risk for MCP-Remote clients in the AI world Vulnerability, AI, RCE attacks, mcp, mcp-remote, rce https://t.co/aXn1MZ1gIU https://t.co/3pfLdONJRT
@matricedigitale
11 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
10/07/2025 Critical mcp-remote vulnerability (CVE-2025-6514) enables RCE on 437,000+ systems! 🚨 With a CVSS score of 9.6, immediate patching is essential to mitigate risks. Source: https://t.co/TU1gLglnLv
@kernyx64
11 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in mcp-remote (CVE-2025-6514) affects versions up to 0.1.15, enabling remote code execution via malicious MCP servers. Over 437,000 downloads impacted; updates to 0.1.16 are recommended. ⚠️ #OpenSource #SecurityUK https://t.co/VELyMQ9o18
@TweetThreatNews
10 Jul 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw CVE-2025-6514 in mcp-remote project poses high-risk vulnerability. Addressing it is crucial for system security. https://t.co/wA7PT5jGIR #Cybersecurity #InfoSec
@threatlight
10 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients - https://t.co/kD0IG34ft5 https://t.co/eHCZQOo8HW
@AISecHub
10 Jul 2025
179 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical vulnerability (CVE-2025-6514) in mcp-remote enables FULL Remote Code Execution in LLM clients. The flaw affects Claude Desktop, Cursor & Windsurf apps connecting to untrusted MCP servers. First documented RCE case in MCP communications with CVSS score of 9.6.
@threatcluster
10 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/YZFdcreQbh
@Dinosn
10 Jul 2025
2235 Impressions
5 Retweets
11 Likes
3 Bookmarks
0 Replies
0 Quotes
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/J3SHk7qywt
@_r_netsec
9 Jul 2025
1940 Impressions
9 Retweets
15 Likes
7 Bookmarks
0 Replies
0 Quotes
[CVE-2025-6514: CRITICAL] mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL #cve, CVE-2025-6514, #cybersecurity https://t.co/fKvXNHlcRI https://t.co/nxcPrhXHR8
@CveFindCom
9 Jul 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes