LSTM-Kirigaya’s openmcp-client Vulnerable to RCE in MCP Authorization Flow

7.3 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.

Basic Information

ID CVE-2025-58062

Source GitHub_M

Published Aug 28, 2025 at 22:14

Affected Product

Vendor LSTM-Kirigaya

Product openmcp-client

Version < 0.1.12

Affected Versions LSTM-Kirigaya openmcp-client < 0.1.12

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.",
    "published": "2025-08-28T22:14:01.744Z",
    "modified": "2025-08-28T22:14:01.744Z",
    "type": "cve",
    "title": "LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow",
    "source": "GitHub_M",
    "references": "https://github.com/LSTM-Kirigaya/openmcp-client/security/advisories/GHSA-43m4-p3rv-c4v8\nhttps://github.com/LSTM-Kirigaya/openmcp-client/commit/9c3799d6ffae8d0cdfab25a53af75e1afc85f6c3\nhttps://drive.google.com/file/d/1lSqFkc412aX6a_fjmNfzXsJKE7b8jPqD/view?usp=sharing",
    "id": "CVE-2025-58062",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "LSTM-Kirigaya openmcp-client < 0.1.12",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "openmcp-client",
    "version": "< 0.1.12",
    "vendor": "LSTM-Kirigaya",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

LSTM-Kirigaya’s openmcp-client Vulnerable to RCE in MCP Authorization Flow_CVE-2025-58062