CVE-2025-6514 — mcp-remote exposed to OS command injection via untrusted MCP server connections

Description

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

How to fix CVE-2025-6514

To remediate CVE-2025-6514, upgrade the affected package to a fixed version below.

npm/mcp-remote—upgrade to 0.1.16 or later

Is CVE-2025-6514 being exploited?

Moderate — EPSS is 12.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 0.0.5, < 0.1.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-6514
PATCHgithub.com/geelen/mcp-remote
WEBgithub.com/geelen/mcp-remote/commit/607b226a356cb61a239ffaba2fb3db1c9dea4bac
WEBjfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability