CVE-2025-58062
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-08-29

Assigner: GitHub, Inc.

Description
LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58062
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lstm-kirigaya openmcp-client *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the openmcp-client vscode plugin for MCP developers on Windows platforms. Before version 0.1.12, if a user connected to a malicious MCP server controlled by an attacker, the attacker could set up a malicious authorization server endpoint that triggers an OS command injection during the open() function call. This allows the attacker to compromise the client system.

Impact Analysis

The vulnerability can lead to a full compromise of the client system running the vulnerable openmcp-client plugin on Windows. An attacker can execute arbitrary OS commands silently, potentially gaining control over the affected system.

Mitigation Strategies

Upgrade the openmcp-client vscode plugin to version 0.1.12 or later, as this version contains the patch that fixes the OS command injection vulnerability. Additionally, avoid connecting to untrusted MCP servers, especially on Windows platforms, to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58062. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart