CVE-2025-9262 | wong2 mcp-cli 1.13.0 oAuth /src/oauth/provider.js redirectToAuthorization os command injection

Inserito da Angelo Barbosa | Ago 20, 2025 | CVE

A vulnerability was found in wong2 mcp-cli 1.13.0. It has been rated as critical. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection.

This vulnerability appears as CVE-2025-9262. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9262 | wong2 mcp-cli 1.13.0 oAuth /src/oauth/provider.js redirectToAuthorization os command injection

Post correlati

CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

CVE-2024-30951 | FUDforum 3.1.3 /adm/admsmiley.php chpos cross site scripting

CVE-2023-45481 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn SetFirewallCfg firewallEn stack-based overflow

CVE-2024-3015 | SourceCodester Simple Subscription Website 1.0 manage_plan.php id sql injection