Medium severity6.3OSV Advisory· Published Sep 17, 2025· Updated Apr 29, 2026

CVE-2025-10619

Description

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 1.0.14 is able to mitigate this issue. The patch is named e569815854166db5f71c2e722408f8957fb9e804. It is recommended to upgrade the affected component. The vendor explains: "We only promote that mcp server with our own URLs that have a valid response, but yes if someone would use it with a non sequa url, this is a valid attack vector. We have released a new version (1.0.14) that fixes this and validates that only URLs can be opened."

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
@sequa-ai/sequa-mcpnpm	< 1.0.14	1.0.14

Affected products

Sequa Ai/Sequa McpOSV

Patches

e56981585416

Validate authorization url

https://github.com/sequa-ai/sequa-mcpfabian-emiliusSep 9, 2025via ghsa

commit

2 files changed · +8 −2

package.json+1 −1 modified

@@ -1,6 +1,6 @@
 {
   "name": "@sequa-ai/sequa-mcp",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "A proxy for the Model Context Protocol (MCP) that connects local STDIO with remote MCP servers",
   "keywords": ["mcp", "model-context-protocol", "proxy", "ai", "sequa"],
   "author": "Sequa AI GmbH",

src/helpers/node-oauth-client-provider.ts+7 −1 modified

@@ -30,7 +30,13 @@ export class NodeOauthClientProvider implements OAuthClientProvider {
   }
 
   public async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
-    await open(authorizationUrl.toString())
+    const url = authorizationUrl.toString()
+
+    if (!url.startsWith('http://') && !url.startsWith('https://')) {
+      throw new Error('Invalid authorization url URL')
+    }
+
+    await open(url)
   }
 
   public async codeVerifier(): Promise<string> {

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

6.3/ 10

CVSS v42.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Network
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

Probability of exploitation in the next 30 days.

0.38%

VYPR risk score

Composite of severity, exploitation, and reach.

0.34medium

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000

Weaknesses

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE ID

CVE-2025-10619

Source code

github.com/sequa-ai/sequa-mcp