PT-2025-28894 · Unknown · Mcp-Remote

Or Peles · Published 2025-06-17 · Updated 2026-04-17 · CVE-2025-6514

CVSS v2.0: 10 Critical (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Name of the Vulnerable Software and Affected Versions

mcp-remote versions 0.0.5 through 0.1.15

Description

mcp-remote is susceptible to OS command injection due to crafted input from the authorization endpoint response URL when connecting to untrusted MCP servers. This vulnerability allows attackers to execute arbitrary commands on the system. The vulnerability affects approximately 437,000+ downloads. This is the first documented real-world remote code execution case in the MCP ecosystem.

Recommendations

Update mcp-remote to version 0.1.16 or later.
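
To locate installs that fall inside the affected range above, the following added example (not part of the advisory or of the mcp-remote project) checks the entries of an npm lockfile. The function names and the sample lockfile are constructed for illustration, and the lockfile is assumed to use the `packages` map of lockfileVersion 2 or 3.

```javascript
// Added example: flag mcp-remote entries in the advisory's affected range.
const AFFECTED_MIN = [0, 0, 5];  // first affected version per the advisory
const AFFECTED_MAX = [0, 1, 15]; // last affected version per the advisory

// Parse "x.y.z"; a pre-release or build suffix is ignored. Returns null if malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = inside 0.0.5..0.1.15, false = outside, null = unparsable (review by hand).
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, AFFECTED_MAX) <= 0;
}

// Walk the lockfile "packages" map, including copies nested under other packages.
function findMcpRemote(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/mcp-remote" || path.endsWith("/node_modules/mcp-remote")) {
      hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/mcp-remote": { version: "0.1.15" },
    "node_modules/tool-a/node_modules/mcp-remote": { version: "0.1.16" },
    "node_modules/not-mcp-remote": { version: "0.1.0" },
  },
};

console.log(findMcpRemote(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findMcpRemote`; any entry with `affected: true` should be updated to 0.1.16 or later.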

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-09316
CVE-2025-6514
GHSA-6XPM-GGF7-WC3P

Affected Products

Mcp-Remote