PT-2026-25775 · Git+3 · Fastmcp+1

Published: 2026-03-16 · Updated: 2026-06-03 · CVE-2025-69196

CVSS v4.0: 7.4 (High)
Vector: AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.14.2

Description: FastMCP, a framework for building MCP applications, does not properly validate the resource parameter submitted by the client during authorization and token requests. Instead of issuing tokens specifically for the MCP server, tokens are issued for the base URL passed to the OAuthProxy during initialization. This misconfiguration allows an attacker to create a malicious MCP server and steal authentication material for legitimate MCP servers that use the same authorization server. The issue resides in the OAuthProxy component, specifically within the JWTIssuer class, where the issuer and audience are incorrectly set based on the base URL instead of the resource parameter. The affected code is located in 'https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828'. This can lead to unauthorized access to resources on the legitimate MCP servers. A proof-of-concept (PoC) environment is available for demonstration.

Recommendations: Versions prior to 2.14.2 should be updated to version 2.14.2 or later.
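The following is an added illustration, not code from FastMCP or the advisory: a minimal model of the audience-binding mistake described above beside the corrected behaviour. It assumes constructed URLs (`BASE_URL`, `SERVER_RESOURCE`, a rogue resource) and hypothetical function names; tokens are represented as claim dictionaries, with signing omitted.

```python
from urllib.parse import urlparse

# Constructed sample values for this illustration (not from the advisory).
BASE_URL = "https://auth-proxy.example"        # base url handed to the proxy
SERVER_RESOURCE = "https://mcp.example/mcp"    # canonical URI of the legitimate MCP server


def canonical_resource(uri):
    """Normalise an RFC 8707 resource indicator; None if it is not acceptable."""
    p = urlparse(uri)
    if p.scheme.lower() not in ("https", "http") or not p.netloc or p.fragment:
        return None
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}"


def issue_claims_vulnerable(requested_resource):
    """Pre-2.14.2 behaviour as the advisory describes it: the client's
    resource parameter is ignored and aud/iss are derived from the base url,
    so every server behind the same proxy receives interchangeable tokens."""
    return {"iss": BASE_URL, "aud": BASE_URL}


def accept_token_vulnerable(claims):
    """Resource-server check that matches the vulnerable issuer: any token
    minted for the base url is accepted, whichever server it was obtained for."""
    return claims.get("aud") == BASE_URL


def issue_claims_fixed(requested_resource):
    """Corrected behaviour: refuse resources this server does not own and bind
    the audience to the canonical resource the client actually asked for."""
    res = canonical_resource(requested_resource)
    if res is None or res != canonical_resource(SERVER_RESOURCE):
        raise ValueError("invalid_target")   # RFC 8707 error code for a bad resource
    return {"iss": BASE_URL, "aud": res}


def accept_token_fixed(claims, my_resource):
    """Resource-server check: only tokens whose aud is this exact server pass."""
    return claims.get("aud") == canonical_resource(my_resource)
```

A token obtained through a rogue server resource is accepted by the legitimate server under the vulnerable model but rejected (at issuance and at verification) under the fixed one.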

Exploit

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2025-69196
GHSA-5H2M-4Q8J-PQPJ

Affected Products

Fastmcp
Rootio-Fastmcp