VYPR
Critical severity · 9.6 · NVD Advisory · Published Jul 9, 2025 · Updated Apr 15, 2026

CVE-2025-6514

Description

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers. The authorization_endpoint URL returned by the server is passed through a URL sanitizer before use, but the username and password components of that URL were left unencoded, so shell metacharacters such as `$(...)` placed in the userinfo part survived sanitization and reached the command line.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            Affected versions     Patched versions
mcp-remote (npm)   >= 0.0.5, < 0.1.16    0.1.16

Patches (1)

Commit 607b226a356c

Forcibly escape username/pass for basic auth URLs too

https://github.com/geelen/mcp-remote · Glen Maddern · Jun 17, 2025 · via ghsa
2 files changed · +7 −0
  • src/lib/utils.test.ts · modified · +5 −0
    @@ -84,6 +84,11 @@ describe('sanitizeUrl', () => {
           const result = sanitizeUrl('https://example.com?empty&hasvalue=test')
           expect(result).toBe('https://example.com/?empty&hasvalue=test')
         })
    +
    +    it('should encode basic auth', () => {
    +      const result = sanitizeUrl('http://user$(calc)r:pass$(calc)word@domain.com')
    +      expect(result).toBe('http://user%24(calc)r:pass%24(calc)word@domain.com/')
    +    })
       })
     
       describe('should handle complex URLs', () => {
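Review bot: the new `it('should encode basic auth', …)` case pins only `$(calc)` in a URL that carries both a username and a password, while the utils side guards each field separately; add a case with a username and no password (`http://user$(calc)r@domain.com`), one with backticks and `;`, `|`, `&` in the password, and one whose credentials are already percent-encoded (`http://u%40x:p%40ss@domain.com`), so that the resulting double-encoding (`%40` becomes `%2540` once `encodeURIComponent` sees the `%`) is recorded as intended behaviour rather than discovered later.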
    
  • src/lib/utils.ts · modified · +2 −0
    @@ -722,6 +722,8 @@ export function sanitizeUrl(raw: string) {
       if (url.hostname !== encodeURIComponent(url.hostname)) abort()
     
       // Forcibly sanitise all the pieces of the URL
    +  if (url.username) url.username = encodeURIComponent(url.username)
    +  if (url.password) url.password = encodeURIComponent(url.password)
       url.pathname = url.pathname.slice(0, 1) + encodeURIComponent(url.pathname.slice(1)).replace(/%2f/ig,'/')
       url.search = url.search.slice(0, 1) + Array.from(url.searchParams.entries()).map(sanitizeParam).join('&')
       url.hash = url.hash.slice(0, 1) + encodeURIComponent(url.hash.slice(1))
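Review bot: the two added lines run `url.username` and `url.password` through `encodeURIComponent`, which leaves `' ! * ( )` untouched (the expected value `user%24(calc)r` in the test shows the parentheses surviving) and re-encodes `%` in credentials that were already percent-encoded; if the authorization_endpoint URL is later placed inside a single-quoted shell argument, an apostrophe in the password still terminates the quoting. An OAuth authorization endpoint has no legitimate use for embedded credentials, so consider rejecting them next to the hostname check above, `if (url.username || url.password) abort()`, which removes both the residual-character question and the double-encoding.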
    

Vulnerability mechanics

The fix commit shows where the injection came from. `sanitizeUrl` in src/lib/utils.ts already aborted on a hostname that did not survive `encodeURIComponent` unchanged, and percent-encoded the path, every query parameter and the fragment, but it never touched the userinfo part of the URL (`url.username` and `url.password`). A malicious MCP server could therefore return an `authorization_endpoint` such as `http://user$(calc)r:pass$(calc)word@domain.com` (the input used in the new test), and the `$(calc)` passed through sanitization intact; since the sanitized URL is subsequently used in an OS command, the shell performed the command substitution. Version 0.1.16 percent-encodes both fields, so `$` becomes `%24` and the shell no longer sees substitution syntax.
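As an added example that is not mcp-remote's own code, the following Node.js script reconstructs the `sanitizeUrl` logic visible in the fix commit, with the two userinfo lines switchable so the pre-0.1.16 and 0.1.16 behaviour can be compared on the URL from the fix's own test, and adds a stricter variant that rejects credentials in an `authorization_endpoint` outright. The helper `sanitizeParam` is not shown in the diff; the version here is an assumption that keeps a bare name with no `=` when the value is empty, which is what the existing `?empty&hasvalue=test` case expects. The function names `sanitizeUrlWith`, `vulnerableSanitizeUrl`, `fixedSanitizeUrl`, `strictSanitizeUrl`, `containsShellSubstitution` and `leftUnencodedByEncodeURIComponent`, and the constructed inputs, are this example's own.

```javascript
// Added example, not mcp-remote's own code: a reproduction of sanitizeUrl
// before and after commit 607b226a356c, plus a stricter variant.
// Node's global WHATWG URL is the same parser the project relies on.

// Assumed helper (not in the diff): a query pair keeps no "=" when the
// value is empty, matching the existing ?empty&hasvalue=test expectation.
function sanitizeParam([name, value]) {
  const k = encodeURIComponent(name);
  return value === '' ? k : `${k}=${encodeURIComponent(value)}`;
}

// The sanitizer as shown in the diff; the two lines added by the fix are
// controlled by encodeUserinfo. The project's abort() becomes a thrown Error.
function sanitizeUrlWith(raw, encodeUserinfo) {
  const url = new URL(raw);
  if (url.hostname !== encodeURIComponent(url.hostname)) {
    throw new Error(`refusing hostname ${url.hostname}`);
  }
  if (encodeUserinfo) {
    if (url.username) url.username = encodeURIComponent(url.username);
    if (url.password) url.password = encodeURIComponent(url.password);
  }
  url.pathname = url.pathname.slice(0, 1) +
    encodeURIComponent(url.pathname.slice(1)).replace(/%2f/gi, '/');
  url.search = url.search.slice(0, 1) +
    Array.from(url.searchParams.entries()).map(sanitizeParam).join('&');
  url.hash = url.hash.slice(0, 1) + encodeURIComponent(url.hash.slice(1));
  return url.toString();
}

// Before the fix (< 0.1.16): userinfo passes through untouched.
function vulnerableSanitizeUrl(raw) { return sanitizeUrlWith(raw, false); }

// After the fix (0.1.16): userinfo is percent-encoded like the other parts.
function fixedSanitizeUrl(raw) { return sanitizeUrlWith(raw, true); }

// Stricter alternative: an OAuth authorization_endpoint has no legitimate
// use for embedded credentials, so reject them instead of encoding them.
function strictSanitizeUrl(raw) {
  const url = new URL(raw);
  if (url.username || url.password) {
    throw new Error('authorization_endpoint must not contain userinfo');
  }
  return sanitizeUrlWith(raw, true);
}

// POSIX shell command-substitution syntax that must never reach a shell.
function containsShellSubstitution(s) {
  return /\$\(|`/.test(s);
}

// Shell-relevant punctuation that encodeURIComponent leaves as-is; anything
// returned here still survives the fixed sanitizer unchanged.
function leftUnencodedByEncodeURIComponent() {
  return ['$', '`', ';', '|', '&', "'", '!', '*', '(', ')']
    .filter((c) => encodeURIComponent(c) === c);
}

// Constructed inputs: the URL from the fix's test case, an already
// percent-encoded credential pair, and a realistic authorization endpoint.
const EVIL = 'http://user$(calc)r:pass$(calc)word@domain.com';
const PRE_ENCODED = 'https://u%40x:p%40ss@domain.com/';
const BENIGN = 'https://example.com/oauth/authorize?client_id=abc';

console.log('vulnerable :', vulnerableSanitizeUrl(EVIL));
console.log('fixed      :', fixedSanitizeUrl(EVIL));
console.log('pre-encoded through fixed:', fixedSanitizeUrl(PRE_ENCODED));
console.log('strict on benign:', strictSanitizeUrl(BENIGN));
console.log('left unencoded by encodeURIComponent:',
  leftUnencodedByEncodeURIComponent().join(' '));
```

Run with `node`. The vulnerable variant returns the `$(calc)` userinfo verbatim, the fixed variant turns each `$` into `%24`, and the pre-encoded pair shows the double-encoding (`%40` to `%2540`) that the fix introduces; the last line shows that `' ! * ( )` are never encoded, which is why the strict variant rejects userinfo rather than relying on encoding alone.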
