Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks

According to a report from the JFrog security research team, CVE-2025-6514 is a critical remote code execution (RCE) vulnerability in mcp-remote, a proxy tool that enables LLM hosts like Claude Desktop to communicate with remote MCP servers. It exploits the tool's OAuth authorization flow, affects versions 0.0.5 through 0.1.15, and poses significant risks to Large Language Model (LLM) clients using remote MCP server connections, potentially leading to complete system compromise.

The vulnerability occurs during the OAuth metadata discovery phase, when mcp-remote requests authorization server metadata from the remote MCP server. It manifests when users configure their LLM clients to connect to untrusted or compromised MCP servers through HTTP connections. In addition, man-in-the-middle attacks on insecure HTTP connections enable local network attackers to hijack MCP traffic and redirect it to malicious servers. On Windows systems, the PowerShell command execution bypasses URL encoding restrictions by using non-standard URI schemes, enabling full command injection with parameter control.

Organizations should audit their MCP server configurations and remove any insecure HTTP connections from their LLM client configurations.
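The audit recommended above can be scripted. The following is an added example, not code from the JFrog report or the mcp-remote project: it scans a Claude Desktop-style `mcpServers` configuration for mcp-remote entries pinned inside the affected range, left unpinned, or pointed at an `http://` URL. The config layout, finding labels and sample entries are assumptions constructed for illustration.

```javascript
// Added example: audit an LLM client config for risky mcp-remote entries.
// Affected range comes from the article: 0.0.5 through 0.1.15.
const AFFECTED_MIN = [0, 0, 5];
const AFFECTED_MAX = [0, 1, 15];

// Compare two [major, minor, patch] triples; returns -1, 0 or 1.
function cmpVersion(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// "mcp-remote@0.1.15" -> [0, 1, 15]; "mcp-remote" or "mcp-remote@latest" -> null.
function parsePin(arg) {
  const m = /^mcp-remote@(\d+)\.(\d+)\.(\d+)$/.exec(arg);
  return m ? m.slice(1).map(Number) : null;
}

// Returns one finding per problem; finding labels are hypothetical names.
function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    const argv = [server.command, ...(server.args || [])].map(String);
    const pkg = argv.find((a) => /^mcp-remote(@|$)/.test(a));
    if (!pkg) continue; // server is not proxied through mcp-remote
    const pin = parsePin(pkg);
    if (pin === null) {
      // No exact pin: the installed version must be checked by hand.
      findings.push({ name, issue: "unpinned-version" });
    } else if (cmpVersion(pin, AFFECTED_MIN) >= 0 && cmpVersion(pin, AFFECTED_MAX) <= 0) {
      findings.push({ name, issue: "affected-version" });
    }
    for (const a of argv) {
      if (/^http:\/\//i.test(a)) findings.push({ name, issue: "insecure-http", url: a });
    }
  }
  return findings;
}

// Constructed sample config; server names and hosts are made up.
const SAMPLE_CONFIG = {
  mcpServers: {
    notes: { command: "npx", args: ["-y", "mcp-remote@0.1.15", "http://mcp.example.test/sse"] },
    tickets: { command: "npx", args: ["mcp-remote", "https://mcp.example.com/sse"] },
    "local-fs": { command: "node", args: ["server.js"] },
  },
};

console.log(auditMcpConfig(SAMPLE_CONFIG));
```

Entries reported as unpinned need a manual check of the version actually installed, since the configuration alone does not show which release `npx` resolves.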

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Jul 2025 12:30:15 +0000

