CVE-2025-58062

Name of the Vulnerable Software and Affected Versions openmcp-client versions prior to 0.1.12

Description openmcp-client, a VS Code plugin for MCP developers, contains a flaw where a malicious authorization server endpoint can be provisioned by an attacker when a user on a Windows platform connects to an attacker-controlled MCP server. This can lead to an OS command injection attack in the open() invocation, potentially compromising the client system.

Recommendations Update openmcp-client to version 0.1.12.