According to the JFrog security research team report, CVE-2025-6514 exploits the OAuth authorization flow in mcp-remote, a proxy tool that enables LLM hosts like Claude Desktop to communicate with remote MCP servers. It is a critical remote code execution (RCE) vulnerability in mcp-remote versions 0.0.5 through 0.1.15, reachable through connections to untrusted MCP servers. It poses significant risks to Large Language Model (LLM) clients that use remote MCP server connections and can potentially lead to complete system compromise.

The vulnerability occurs during the OAuth metadata discovery phase, when mcp-remote requests authorization server metadata from the remote MCP server. It manifests when users configure their LLM clients to connect to untrusted or compromised MCP servers through HTTP connections. Second, man-in-the-middle attacks on insecure HTTP connections enable local network attackers to hijack MCP traffic and redirect it to malicious servers. The PowerShell command execution bypasses URL encoding restrictions by using non-standard URI schemes, enabling full command injection with parameter control on Windows systems.

Organizations should audit their MCP server configurations and remove any insecure HTTP connections from their LLM client configurations.
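The audit recommended above, sketched as an added example (not code from the JFrog report or the mcp-remote project): it scans an LLM client configuration for mcp-remote entries pinned inside the affected range 0.0.5 through 0.1.15 or pointed at plaintext HTTP servers. It assumes the `mcpServers` JSON layout with `command` and `args` fields used by clients such as Claude Desktop; the sample configuration, server names and hostnames are constructed, and exempting loopback URLs is an assumption of this example.

```python
import json
import re
from urllib.parse import urlparse

# Affected range as stated in the article: 0.0.5 through 0.1.15.
VULN_MIN, VULN_MAX = (0, 0, 5), (0, 1, 15)
PKG_RE = re.compile(r"^mcp-remote(?:@(.+))?$")
VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")
# Assumption: loopback traffic is outside the local-network attacker case.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample config; server names and hostnames are made up.
SAMPLE_CONFIG = json.loads("""
{"mcpServers": {
  "internal-tools": {"command": "npx",
                     "args": ["-y", "mcp-remote@0.1.15", "http://mcp.example.test/sse"]},
  "docs": {"command": "npx", "args": ["mcp-remote", "https://docs.example.test/mcp"]},
  "local-dev": {"command": "npx",
                "args": ["mcp-remote@0.1.16", "http://localhost:3000/sse"]},
  "filesystem": {"command": "npx", "args": ["-y", "some-other-server"]}
}}
""")

def audit_mcp_config(config):
    """Return (server_name, finding) pairs for risky mcp-remote entries."""
    findings = []
    for name, entry in config.get("mcpServers", {}).items():
        argv = [str(entry.get("command", ""))] + [str(a) for a in entry.get("args", [])]
        pkg = next((m for m in map(PKG_RE.match, argv) if m), None)
        if pkg is None:
            continue  # this entry does not launch mcp-remote
        ver = VER_RE.match(pkg.group(1) or "")
        if ver is None:
            findings.append((name, "version not pinned; check the installed mcp-remote"))
        elif VULN_MIN <= tuple(map(int, ver.groups())) <= VULN_MAX:
            findings.append((name, f"mcp-remote {ver.group(0)} is in the affected range"))
        for arg in argv:
            url = urlparse(arg)
            if url.scheme == "http" and url.hostname not in LOOPBACK:
                findings.append((name, f"plaintext HTTP server URL: {arg}"))
    return findings

if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {finding}")
```

An unpinned entry is reported separately because the configuration alone cannot show which mcp-remote version will actually run.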
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Jul 2025 12:30:15 +0000