Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands.
The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0.
« The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it