Vulners
Lucene search
CVE-2025-6514 OS command injection in mcp-remote when connecting to untrusted MCP servers
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | The vulnerability of the mcp-remote proxy server lies in its failure to eliminate special elements used in the operating system command, allowing attackers to execute arbitrary commands. | 4 Aug 202500:00 | – | bdu_fstec |
 | CVE-2025-6514 | 9 Jul 202514:30 | – | circl |
 | mcp-remote 操作系统命令注入漏洞 | 9 Jul 202500:00 | – | cnnvd |
 | CVE-2025-6514 | 9 Jul 202512:41 | – | cve |
 | EUVD-2025-20823 | 3 Oct 202520:07 | – | euvd |
 | mcp-remote exposed to OS command injection via untrusted MCP server connections | 9 Jul 202515:30 | – | github |
 | CVE-2025-6514 | 9 Jul 202513:15 | – | nvd |
 | GHSA-6XPM-GGF7-WC3P mcp-remote exposed to OS command injection via untrusted MCP server connections | 9 Jul 202515:30 | – | osv |
 | PT-2025-28894 | 17 Jun 202500:00 | – | ptsecurity |
 | CVE-2025-6514 | 11 Jul 202512:44 | – | redhatcve |
10
[
{
"collectionURL": "https://registry.npmjs.org",
"defaultStatus": "unaffected",
"packageName": "mcp-remote",
"versions": [
{
"lessThanOrEqual": "0.1.15",
"status": "affected",
"version": "0.0.5",
"versionType": "semver"
}
]
}
]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Jul 2025 12:41Current
CVSS 3.19.6
EPSS0.12174