PT-2026-29413 · Unknown+1 · Gemini-Cli+2

Published: 2026-03-31 · Updated: 2026-04-14 · CVE-2025-64340

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 3.2.0

Description: FastMCP, a framework for building MCP applications, is susceptible to command injection on Windows systems when a server name contains shell metacharacters such as &. The injection occurs during the fastmcp install claude-code or fastmcp install gemini-cli processes. Although subprocess.run() is called with a list argument (no shell=True), the target CLIs on Windows often resolve to .cmd wrappers, and Windows executes a .cmd file through cmd.exe, which interprets the metacharacters in the arguments it receives. The vulnerability allows arbitrary command execution with the privileges of the user running the fastmcp install command. Affected systems are Windows hosts with the target CLI installed as a .cmd wrapper. The issue does not affect macOS or Linux, nor does it affect config-file-based install targets.

Recommendations: Versions prior to 3.2.0 should be updated to version 3.2.0 or later.
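The mechanism above is easy to misjudge because a list argument to subprocess.run() looks safe. The following added example (not FastMCP's own code) shows, using Python's own subprocess.list2cmdline, that the command line Windows builds from an argv list leaves & untouched, and it pairs that with a server-name check of the kind a fixed installer would apply before invoking a .cmd wrapper; the argv layout, the is_safe_server_name and build_install_argv helpers, and the sample values are assumptions for illustration.

```python
import re
import subprocess

# Characters cmd.exe treats specially on its command line. Constructed
# blocklist for this example; it exists to explain rejections, the
# allowlist below is what actually decides.
CMD_METACHARS = re.compile(r'[&|<>^%!"()\r\n]')

# Conservative allowlist: a server name registered with a CLI wrapper
# should be a plain identifier, nothing cmd.exe could reinterpret.
SAFE_NAME = re.compile(r'[A-Za-z0-9][A-Za-z0-9._-]{0,63}')


def offending_chars(name: str) -> str:
    """Return the cmd.exe metacharacters found in name ('' if none)."""
    return "".join(sorted(set(CMD_METACHARS.findall(name))))


def is_safe_server_name(name: str) -> bool:
    """True only if the name matches the identifier allowlist."""
    return SAFE_NAME.fullmatch(name) is not None


def windows_command_line(argv: list[str]) -> str:
    """The single command-line string Windows receives for an argv list.

    subprocess.list2cmdline is the routine subprocess itself uses on
    Windows. It quotes whitespace but does not neutralise &, | or ^, so
    once a .cmd wrapper hands that string to cmd.exe the metacharacters
    are live. This function runs on any platform for demonstration.
    """
    return subprocess.list2cmdline(argv)


def build_install_argv(cli: str, server_name: str, server_url: str) -> list[str]:
    """Hypothetical argv builder for an install step (assumed layout).

    Rejects the name before anything reaches subprocess.run(), which is
    the check a .cmd-wrapper target needs in addition to using a list.
    """
    if not is_safe_server_name(server_name):
        bad = offending_chars(server_name) or "characters outside the allowlist"
        raise ValueError(f"refusing server name {server_name!r}: {bad}")
    return [cli, "mcp", "add", server_name, server_url]


if __name__ == "__main__":
    # Constructed sample: the & survives unquoted in the built command line.
    print(windows_command_line(["claude.cmd", "mcp", "add", "a&b", "http://localhost:8000"]))
    print(build_install_argv("claude.cmd", "demo-server", "http://localhost:8000"))
```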

Exploit · Fix

Weakness Enumeration: OS Command Injection

Related Identifiers:
CVE-2025-64340
GHSA-M8X7-R2RG-VH5G

Affected Products:
Fastmcp
Claude-Code
Gemini-Cli