CVE-2025-64340 | jlowin fastmcp up to 3.1.x on Windows subprocess.run list os command injection

Inserito da Angelo Barbosa | Apr 3, 2026 | CVE

A vulnerability was found in jlowin fastmcp up to 3.1.x on Windows and classified as critical. Affected by this issue is the function subprocess.run. Executing a manipulation of the argument list can lead to os command injection.

The identification of this vulnerability is CVE-2025-64340. The attack can only be executed locally. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2025-64340 | jlowin fastmcp up to 3.1.x on Windows subprocess.run list os command injection

Post correlati

CVE-2024-24026 | nove-plus up to 4.3.0-RC1 com.java2nb.system.controller.SysUserController: uploadImg filename unrestricted upload

CVE-2025-36081 | IBM Concert Software up to 2.0.0 neutralization for logs

CVE-2025-27423 | Vim up to 9.1.1163 Tar command injection

CVE-2025-23195 | Apache Ambari up to 2.7.8 DocumentBuilderFactory xml external entity reference