Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 01 Sep 2025 09:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lstm-kirigaya
Lstm-kirigaya openmcp-client |
|
Vendors & Products |
Lstm-kirigaya
Lstm-kirigaya openmcp-client |
Fri, 29 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 28 Aug 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12. | |
Title | LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-29T13:24:44.632Z
Reserved: 2025-08-22T14:30:32.222Z
Link: CVE-2025-58062

Updated: 2025-08-29T13:24:38.987Z

Status : Awaiting Analysis
Published: 2025-08-28T23:15:44.300
Modified: 2025-08-29T16:24:29.730
Link: CVE-2025-58062

No data.

Updated: 2025-09-01T09:05:12Z