Home > Vulnerability Database > CVE-2025-58062

Mend.io Vulnerability Database

CVE-2025-58062

Good to know:

Date: August 28, 2025

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.

Severity Score

6.3

Related Resources (5)

Url: https://github.com/LSTM-Kirigaya/openmcp-client/security/advisories/GHSA-43m4-p3rv-c4v8

Url: https://drive.google.com/file/d/1lSqFkc412aX6a_fjmNfzXsJKE7b8jPqD/view?usp=sharing

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58062

Url: https://github.com/LSTM-Kirigaya/openmcp-client/commit/9c3799d6ffae8d0cdfab25a53af75e1afc85f6c3

Url: https://www.mend.io/vulnerability-database/CVE-2025-58062

Severity Score

6.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

Upgrade Version

Upgrade to version https://github.com/LSTM-Kirigaya/openmcp-client.git - null

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58062

Good to know:

Date: August 28, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?