CVE-2025-6514

Published Jul 9, 2025

Last updated 2 months ago

CVSS critical 9.6
MCP
mcp-remote

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6514 is a vulnerability in mcp-remote that can lead to arbitrary OS command execution when Model Context Protocol (MCP) clients connect to an untrusted MCP server. This is due to crafted input from the authorization\_endpoint response URL. The vulnerability affects mcp-remote versions 0.0.5 to 0.1.15 and has been fixed in version 0.1.16. The mcp-remote tool is used by applications like Claude Desktop, Cursor, and Windsurf to connect with remote MCP servers via HTTP transport by serving as a proxy. When a user configures their LLM host to connect to a remote MCP server, mcp-remote initiates communication with the MCP server and may be asked to authenticate. The server responds with its authorization\_endpoint URL, which, if crafted maliciously, can cause a command injection, allowing an attacker to execute arbitrary OS commands.

Description
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
Source
reefs@jfrog.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.6
Impact score
6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

reefs@jfrog.com
CWE-78

Social media

Hype score
Not currently trending

  1. MCP is powerful, but the security stakes are high. 🛡️ Prompt injection, tool poisoning, OAuth flaws (e.g. CVE-2025-6514), RCE risks. Case studies: SQLite MCP with SQL injection, Asana duped via multi-tenant exposure, Jira agents manipulated via prompts. Must-do’s: lea

    @DataScienceDojo

    17 Sept 2025

    2161 Impressions

    3 Retweets

    10 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  2. Selling #nday #exploit for CVE-2025-6514 (mcp-remote) <= 0.1.15! Contact marshallwhittaker@gmail.com or dm for details! #Hacking #CyberSec #hackingtool #infosec https://t.co/NEfoLh6Sst

    @oxagast

    24 Aug 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 A flaw in MCP-remote (CVE-2025-6514) has compromised 437K+ AI dev environments, turning into a massive #SoftwareSupplyChain attack. Learn how it happened and how to lock down your #AI workflows: https://t.co/IPLGUG2Ieh

    @jfrog

    14 Aug 2025

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 437,000+ downloads of a popular proxy. ⚠️ One malicious OAuth response. 💥 Your shell executes. Full RCE. This is CVE-2025-6514. 🧟‍♂️ MCP Horror Stories: Issue 2 breaks it down. Docker MCP shuts it down. 📖 Read it: https://t.co/Rmyfcn8LoG https://t.co/8VanUwB9

    @Docker

    7 Aug 2025

    34194 Impressions

    13 Retweets

    49 Likes

    12 Bookmarks

    4 Replies

    2 Quotes

  5. Vulnerabilidad crítica en mcp-remote (CVE-2025-6514, CVSS 9.6) permite ejecución remota de código, afectando 437,000+ descargas. Actualiza a v0.1.16 y usa servidores MCP confiables con HTTPS. #Ciberseguridad #MCP https://t.co/1ho0KMWyfl

    @taidynamics

    6 Aug 2025

    21 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. MCP adoption is surging—and July brought the first critical RCE in the toolchain: mcp-remote (CVE-2025-6514). If you connect to untrusted servers, you’re exposed. Update to 0.1.16. #MCP #AppSec #RCE https://t.co/B6Nc2ePKnn

    @DeepEngineerHub

    5 Aug 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/J3SHk7qywt

    @_r_netsec

    17 Jul 2025

    1112 Impressions

    2 Retweets

    7 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  8. CVE-2025-6514: mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL https://t.co/cufgwXpzlw

    @ZeroDayFacts

    16 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 𝗖𝗥𝗜𝗧𝗜𝗖𝗔𝗟 𝗔𝗟𝗘𝗥𝗧: 𝗺𝗰𝗽-𝗿𝗲𝗺𝗼𝘁𝗲 𝗩𝘂𝗹𝗻 𝗘𝘅𝗽𝗼𝘀𝗲𝘀 𝗟𝗟𝗠 𝗖𝗹𝗶𝗲𝗻𝘁𝘀 𝘁𝗼 𝗥𝗲𝗺𝗼𝘁𝗲 𝗖𝗼𝗱𝗲 𝗘𝘅𝗲𝗰𝘂𝘁𝗶𝗼𝗻 (𝗖𝗩

    @RootsOdin

    15 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Guess what? Like any tech, #MCP isn't immune to flaws. #CVE-2025-6514 affects NPM's mcp-remote MCP client library versions 0.5.0-0 through 0.1.15, allowing OS command injection via URL authentication when connecting to untrusted MCP servers – and yes, that means possible #RCE.

    @CheckmarxZero

    15 Jul 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-6514 (CVSS:9.6, CRITICAL) is Awaiting Analysis. mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the aut..https://t.co/bHgpmcSVc7 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    14 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/5bkdCatYZH #appsec

    @eyalestrin

    12 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Warning: #CVE-2025-6514 (CVSS 9.6, CRITICAL) — #mcp-remote vulnerable to OS command injection via crafted input from malicious "authorization_endpoint" response. More info at: https://t.co/muUgDyjev2 #Patch #Patch #Patch

    @CCBalert

    11 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads Critical vulnerabilities have been found in tools using Anthropic’s Model Context Protocol (MCP), posing major security risks. CVE-2025-6514 (CVSS 9.6) affects the "mcp-remote proxy",

    @dCypherIO

    11 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. محققان آسیب‌پذیری بحرانی در پروژه متن‌باز mcp-remote کشف کرده‌اند که می‌تواند منجر به اجرای دستورات دلخواه سیستم عامل شود. این آسیب‌پذیری با شناسه CVE-2025-6514

    @Teeegra

    11 Jul 2025

    565 Impressions

    0 Retweets

    13 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-6514: Command Injection in mcp-remote Turns Client Connections into Attack Vectors https://t.co/OdHRVnQoMU

    @_cvereports

    11 Jul 2025

    17 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Vulnerabilità critica CVE-2025-6514: rischio RCE per client MCP-Remote nel mondo AI Vulnerabilità, AI, attacchi RCE, mcp, mcp-remote, rce https://t.co/aXn1MZ1gIU https://t.co/3pfLdONJRT

    @matricedigitale

    11 Jul 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 10/07/2025 Critical mcp-remote vulnerability (CVE-2025-6514) enables RCE on 437,000+ systems! 🚨 With a CVSS score of 9.6, immediate patching is essential to mitigate risks. Source: https://t.co/TU1gLglnLv

    @kernyx64

    11 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. A critical vulnerability in mcp-remote (CVE-2025-6514) affects versions up to 0.1.15, enabling remote code execution via malicious MCP servers. Over 437,000 downloads impacted; updates to 0.1.16 are recommended. ⚠️ #OpenSource #SecurityUK https://t.co/VELyMQ9o18

    @TweetThreatNews

    10 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Critical flaw CVE-2025-6514 in mcp-remote project poses high-risk vulnerability. Addressing it is crucial for system security. https://t.co/wA7PT5jGIR #Cybersecurity #InfoSec

    @threatlight

    10 Jul 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients - https://t.co/kD0IG34ft5 https://t.co/eHCZQOo8HW

    @AISecHub

    10 Jul 2025

    179 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. 🚨 Critical vulnerability (CVE-2025-6514) in mcp-remote enables FULL Remote Code Execution in LLM clients. The flaw affects Claude Desktop, Cursor & Windsurf apps connecting to untrusted MCP servers. First documented RCE case in MCP communications with CVSS score of 9.6.

    @threatcluster

    10 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/YZFdcreQbh

    @Dinosn

    10 Jul 2025

    2235 Impressions

    5 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  24. Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/J3SHk7qywt

    @_r_netsec

    9 Jul 2025

    1940 Impressions

    9 Retweets

    15 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  25. [CVE-2025-6514: CRITICAL] mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL#cve,CVE-2025-6514,#cybersecurity https://t.co/fKvXNHlcRI https://t.co/nxcPrhXHR8

    @CveFindCom

    9 Jul 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.