A critical vulnerability in the mcp-remote project, tracked as CVE-2025-6514, has been identified, carrying a CVSS score of 9.6. This vulnerability permits attackers to execute arbitrary operating system commands when mcp-remote connects to an untrusted server, significantly compromising system security. Versions from 0.0.5 to 0.1.15 are affected, with 0.1.16 addressing the issue. The mcp-remote tool, downloaded over 437,000 times, enables communication between clients and remote servers. Malicious MCP servers can exploit the vulnerability during connection initiation to execute commands on the client OS.
The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted MCP server, posing a significant risk to users - a full system compromise." Or Peles, JFrog Vulnerability Research Team Leader, said.
While previously published research has demonstrated risks from MCP clients connecting to malicious MCP servers, this is the first time that full remote code execution is achieved in a real-world scenario on the client operating system when connecting to an untrusted remote MCP server." Peles said.
Collection
[
|
...
]