CVE ID : CVE-2025-58062
Published : Aug. 28, 2025, 11:15 p.m. | 2 hours, 47 minutes ago
Description : LSTM-Kirigaya’s openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More