Vulnerabilities

CVE-2025-62801

by Fred · 28/10/2025

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.

More information : https://github.com/jlowin/fastmcp/security/advisories/GHSA-rj5c-58rq-j5g5

Similar

Tags: Cybersecurity Alert