mcp-remote authorization_endpoint OS Command Injection (CVE-2025-6514) - ATR-2026-00434 (59349900-4f91-5f1e-a241-79eebbd7998c)

Detects exploitation of CVE-2025-6514 (CVSS 9.6), OS command injection in mcp-remote when connecting to untrusted MCP servers. The vulnerable surface is the `authorization_endpoint` field returned in the OAuth metadata response: mcp-remote interpolates this URL into a shell context without sanitisation. Crafted shell metacharacters (`$()`, `` ` ``, `;`, `|`, `&&`, `>(...)`, `$IFS`) inside the URL execute arbitrary OS commands on the client host. CWE-78. Disclosed by JFrog 2025-Q3.
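A defensive pre-flight check for the field described above, as an added example that is not part of the rule or of mcp-remote: it screens `authorization_endpoint` for the metacharacter classes listed in the description, in both raw and percent-decoded form. The function name, the https-only policy and the sample metadata objects are assumptions made for this example.

```javascript
// Added example (not mcp-remote code): screen the authorization_endpoint from an
// OAuth metadata response before it reaches any code path that may touch a shell.

// Metacharacter classes named in the rule description above.
const SHELL_PATTERNS = [
  ["command substitution $()", /\$\(/],
  ["backtick substitution", /`/],
  ["command separator ;", /;/],
  ["pipe |", /\|/],
  ["logical AND &&", /&&/],
  ["process substitution >()", />\(/],
  ["$IFS expansion", /\$\{?IFS/],
];

// Returns { ok, findings } for one metadata object.
function screenAuthorizationEndpoint(metadata) {
  const value = metadata && metadata.authorization_endpoint;
  if (typeof value !== "string" || value.length === 0) {
    return { ok: false, findings: ["authorization_endpoint missing or not a string"] };
  }
  const findings = [];

  // Scan the raw value and its percent-decoded form, so %60 or %24%28 is caught too.
  let decoded = value;
  try { decoded = decodeURIComponent(value); } catch { findings.push("malformed percent-encoding"); }
  for (const [name, re] of SHELL_PATTERNS) {
    if (re.test(value) || re.test(decoded)) findings.push(name);
  }

  // Policy assumed for this example: absolute https URL only.
  try {
    if (new URL(value).protocol !== "https:") findings.push("scheme is not https");
  } catch {
    findings.push("not an absolute URL");
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample metadata documents (not captured traffic).
const BENIGN = { authorization_endpoint: "https://auth.example.com/oauth/authorize" };
const HOSTILE = { authorization_endpoint: "https://auth.example.com/authorize?x=$(echo constructed)" };
const ENCODED = { authorization_endpoint: "https://auth.example.com/a%60echo%20constructed%60" };

console.log(screenAuthorizationEndpoint(BENIGN));
console.log(screenAuthorizationEndpoint(HOSTILE));
console.log(screenAuthorizationEndpoint(ENCODED));
```

The screen is deliberately strict: `;` and `|` can occur in legitimate URLs, so a hit is a reason to refuse the server or review it, not proof of exploitation.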

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| mcp-remote authorization_endpoint OS Command Injection (CVE-2025-6514) - ATR-2026-00434 (59349900-4f91-5f1e-a241-79eebbd7998c) | Agent Threat Rules | Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | 1 |
| mcp-remote authorization_endpoint OS Command Injection (CVE-2025-6514) - ATR-2026-00434 (59349900-4f91-5f1e-a241-79eebbd7998c) | Agent Threat Rules | Exploit Public-Facing Application (47d73872-5336-44f7-81e3-d30bc7e039dd) | MITRE ATLAS Attack Pattern | 1 |
| mcp-remote authorization_endpoint OS Command Injection (CVE-2025-6514) - ATR-2026-00434 (59349900-4f91-5f1e-a241-79eebbd7998c) | Agent Threat Rules | ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | 1 |
| mcp-remote authorization_endpoint OS Command Injection (CVE-2025-6514) - ATR-2026-00434 (59349900-4f91-5f1e-a241-79eebbd7998c) | Agent Threat Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |