CVE-2025-6514

CRITICAL

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

CVSS v3.1 Score

9.6

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 7/9/2025Modified: 4/15/2026

Related Intelligence (2)

CRITICALSupply Chain

1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erected an infrastructure so thoroughly unfortified that it beggars belief. The Model Context Protocol, which Anthropic unveil

CVE-2025-32711CVE-2025-6514

11h agoCSO Online

HIGHRansomware

Your CTEM program is probably ignoring MCP. Here’s how to fix it

Model Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures that security teams lack adequate tooling to see and address. Integrating MCP risks into a Continuous Threat Exposure Ma

CVE-2025-6514CVE-2025-49596

3d agoCSO Online

References (3)

https://github.com/geelen/mcp-remote/commit/607b226a356cb61a239ffaba2fb3db1c9dea4bac https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability https://research.jfrog.com/vulnerabilities/mcp-remote-command-injection-rce-jfsa-2025-001290844/