CVE-2025-62801 | jlowin fastmcp up to 2.12.x on Windows server_name os command injection (GHSA-rj5c-58rq-j5g5)

Inserito da Angelo Barbosa | Ott 29, 2025 | CVE

A vulnerability classified as critical was found in jlowin fastmcp up to 2.12.x on Windows. The affected element is an unknown function. Executing manipulation of the argument server_name can lead to os command injection.

This vulnerability appears as CVE-2025-62801. The attack requires local access. There is no available exploit.

Upgrading the affected component is advised.

CVE-2025-62801 | jlowin fastmcp up to 2.12.x on Windows server_name os command injection (GHSA-rj5c-58rq-j5g5)

Post correlati

CVE-2024-39709 | Ivanti Connect Secure/Policy Secure up to 22.6R1 default permission

CVE-2024-52951 | Omada Identity up to 15 Access Request History cross site scripting

CVE-2024-21668 | mrousavy react-native-mmkv up to 2.10.x log file (GHSA-4jh3-6jhv-2mgp)

CVE-2024-12320 | markodonnell Team Rosters Plugin up to 4.7 on WordPress tab cross site scripting