CVE-2025-62801 | jlowin fastmcp up to 2.12.x on Windows server_name os command injection (GHSA-rj5c-58rq-j5g5)

Inserito da Angelo Barbosa | Ott 29, 2025 | CVE

A vulnerability classified as critical was found in jlowin fastmcp up to 2.12.x on Windows. The affected element is an unknown function. Executing manipulation of the argument server_name can lead to os command injection.

This vulnerability appears as CVE-2025-62801. The attack requires local access. There is no available exploit.

Upgrading the affected component is advised.

CVE-2025-62801 | jlowin fastmcp up to 2.12.x on Windows server_name os command injection (GHSA-rj5c-58rq-j5g5)

Post correlati

CVE-2025-61303 | Hatching Triage Sandbox access control

CVE-2025-25192 | GLPI up to 10.0.17 install/update.php information disclosure (GHSA-86cx-hcfc-8mm8)

CVE-2024-12357 | SourceCodester Best House Rental Management System 1.0 /index.php page file inclusion

CVE-2024-27905 | Apache Aurora up to 0.5.0 information disclosure