OS Command Injection Vulnerability in LSTM-Kirigaya's openmcp-client for Windows
CVE-2025-58062

7.3HIGH

Key Information:

Vendor

Lstm-kirigaya

Status
Openmcp-client
Vendor
CVE Published:
28 August 2025

What is CVE-2025-58062?

A significant vulnerability exists in LSTM-Kirigaya's openmcp-client, a Visual Studio Code plugin utilized by MCP developers. Prior to version 0.1.12, users on Windows who connected to a maliciously controlled MCP server were susceptible to an OS command injection attack. This could occur when attackers provision a harmful authorization server endpoint, allowing them to exploit the open() function and potentially compromise the client system. Users are strongly advised to update to version 0.1.12 or later to mitigate this security risk.

Affected Version(s)

openmcp-client < 0.1.12

References

https://github.com/LSTM-Kirigaya/openmcp-client/security/...
x_refsource_CONFIRM
https://github.com/LSTM-Kirigaya/openmcp-client/commit/9c...
x_refsource_MISC
https://drive.google.com/file/d/1lSqFkc412aX6a_fjmNfzXsJK...
x_refsource_MISC

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-58062 : OS Command Injection Vulnerability in LSTM-Kirigaya's openmcp-client for Windows