Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Grok 4 appears to be consulting with Elon Musk to answer controversial questions

In Varda Space, major players in Silicon Valley make big bets on making drugs in space

A critical MCP-Remote vulnerability allows remote code execution, affecting over 437,000 downloads

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » A critical MCP-Remote vulnerability allows remote code execution, affecting over 437,000 downloads
Identity

A critical MCP-Remote vulnerability allows remote code execution, affecting over 437,000 downloads

userBy userJuly 10, 2025No Comments4 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

July 10, 2025Ravi LakshmananVulnerability / AI Security

Cybersecurity researchers have discovered a critical vulnerability in open source MCP remote projects that could result in the execution of any operating system (OS) commands.

The vulnerability tracked as CVE-2025-6514 has a CVSS score of 9.6 out of 10.0.

“The vulnerability poses a significant risk to the user when an attacker initiates a connection to an untrusted MCP server, which can trigger the execution of arbitrary OS commands on the machine running the MCP remote.

MCP-Remote is a tool that emerged following the release of Model Context Protocol (MCP) Anthropic. It is an open source framework that standardizes the way large-scale language model (LLM) applications integrate and share data with external data sources and services.

Rather than running locally on the same machine as the LLM application, it acts as a local proxy that allows MCP clients such as Claude desktops to communicate with the remote MCP server. The NPM package has been downloaded over 437,000 times so far.

The vulnerability affects MCP-Remote versions from 0.0.5 to 0.1.15. Addressed in version 0.1.16, released on June 17, 2025. Anyone using an MCP remote that uses the affected version to connect to an untrusted MCP server is at risk.

Cybersecurity

“While previously published studies demonstrate the risks from MCP clients connecting to malicious MCP servers, this is the first time that full remote code execution is achieved in a real-world scenario of a client operating system when connecting to a remote MCP server that is unreliable,” Peles said.

The drawback concerns how a malicious MCP server run by a threat actor can embed commands when handled by an MCP remote at the initial communication approval stage, executed on the underlying operating system.

This issue leads to running any OS commands on Windows with full parameter control, but running any executable file with limited parameter control on MacOS and Linux systems.

To mitigate the risk posed by the flaw, users are advised to update their libraries to the latest version and connect only to trusted MCP servers via HTTPS.

“Remote MCP servers are a very effective tool to expand AI capabilities in a managed environment, promote rapid code repetition, and ensure more reliable delivery of software, but MCP users should be careful to connect to trusted MCP servers using secure connection methods such as HTTPS.

“Otherwise, vulnerabilities like CVE-2025-6514 could hijack MCP clients in the ever-growing MCP ecosystem.”

This disclosure comes after OligoSecurity detailed a critical vulnerability in the MCP Inspector Tool (CVE-2025-49596, CVSS score: 9.4).

Earlier this month, two other high-strength security flaws were revealed in the human file system MCP server.

Below is a list of two defects for each Cymulate –

CVE-2025-53110 (CVSS score: 7.3) – Directory containment bypass that allows access, read, or write outside of authorized directories using authorized directory prefixes in other directories (e.g. “/private/private/tmp/aopterdir_sentitive_credentials”) Escalation CVE-2025-53109 (CVSS score: 8.4) – Symlinks (aka shimlinks) caused by insufficient error handling that can be used to point to file systems using file systems files from within authorized directories allow attackers to read or modify important files (eg, eg “/sudoers”/sudoer sulld execution doped execution doping exting exting exting exting exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Exting Persistence Techniques

Cybersecurity

Both drawbacks affect all filesystem MCP server versions prior to 0.6.3 and 2025.7.1, including related fixes.

“This vulnerability is a serious violation of the File System MCP Server Security Model,” security researcher Elad Beber said of CVE-2025-53110. “Attackers can gain unauthorized access by listing, reading or writing to a directory outside of the permitted range, potentially exposing sensitive files, such as credentials and configuration.”

“In addition, in setups where the server runs as a privileged user, this flaw can lead to privilege escalation, allowing attackers to manipulate critical system files and provide greater control over the host system.”

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleThey robbed Linda Jaccarino’s blue check!
Next Article In Varda Space, major players in Silicon Valley make big bets on making drugs in space
user
  • Website

Related Posts

ICEX Forum 2025 Opens: FySelf’s TwinH Showcases AI Innovation

July 10, 2025

Fake Games and AI Companies Push Malware to Cryptocurrency Users via Telegram and Discord

July 10, 2025

Four have been arrested in a £440 million cyberattack on Marks & Spencer, Co-ops and Harrods

July 10, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Grok 4 appears to be consulting with Elon Musk to answer controversial questions

In Varda Space, major players in Silicon Valley make big bets on making drugs in space

A critical MCP-Remote vulnerability allows remote code execution, affecting over 437,000 downloads

They robbed Linda Jaccarino’s blue check!

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

ICEX Forum 2025 Opens: FySelf’s TwinH Showcases AI Innovation

The Future of Process Automation is Here: Meet TwinH

Robots Play Football in Beijing: A Glimpse into China’s Ambitious AI Future

TwinH: A New Frontier in the Pursuit of Immortality?

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.